Vulnerability Description
Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wowza | Streaming Engine | <= 4.8.0 |
Related Weaknesses (CWE)
References
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-WowzaExploitThird Party Advisory
- https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streamThird Party Advisory
- https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notesRelease NotesVendor Advisory
- https://www.wowza.com/pricing/installerVendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-7655-XSS-WowzaExploitThird Party Advisory
- https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/main/wowza-streamThird Party Advisory
- https://www.wowza.com/docs/wowza-streaming-engine-4-8-5-release-notesRelease NotesVendor Advisory
- https://www.wowza.com/pricing/installerVendor Advisory
FAQ
What is CVE-2019-7655?
CVE-2019-7655 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup ...
How severe is CVE-2019-7655?
CVE-2019-7655 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7655?
Check the references section above for vendor advisories and patch information. Affected products include: Wowza Streaming Engine.