CVE-2019-19456: XSS
First published: Mon May 18 2020(Updated: )
A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wowza Streaming Engine | >=4.0.0<=4.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this XSS vulnerability?
The vulnerability ID is CVE-2019-19456.
Where was the XSS vulnerability found?
The XSS vulnerability was found in the server selection box inside the login page of Wowza Streaming Engine <= 4.x.x.
What version of Wowza Streaming Engine is affected by this vulnerability?
Wowza Streaming Engine versions between 4.0.0 and 4.8.0 are affected by this vulnerability.
How severe is this XSS vulnerability?
This XSS vulnerability has a severity rating of medium, with a CVSS score of 6.1.
How can I fix this XSS vulnerability?
You can fix this XSS vulnerability by updating Wowza Streaming Engine to version 4.8.0 or later.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/wowza
- canonical/wowza streaming engine
- version/wowza streaming engine/4.0.0
- version/wowza streaming engine/4.8.0