CVE-2019-7655: XSS
First published: Wed Jan 29 2020(Updated: )
Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/edit_adv.htm of the Server Setup configuration or the (2) host field in enginemanager/j_spring_security_check of the login form. This issue was resolved in Wowza Streaming Engine 4.8.5.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wowza Streaming Engine | <=4.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-7655?
The severity of CVE-2019-7655 is medium with a CVSS score of 5.4.
How does CVE-2019-7655 affect Wowza Streaming Engine?
CVE-2019-7655 affects Wowza Streaming Engine versions up to and including 4.8.0.
What is the vulnerability in CVE-2019-7655?
The vulnerability in CVE-2019-7655 is a multiple authenticated XSS vulnerability.
How can an attacker exploit CVE-2019-7655?
An attacker can exploit CVE-2019-7655 by injecting malicious code via the customList[0].value field or the host field in the login form of Wowza Streaming Engine.
Is there a fix available for CVE-2019-7655?
Yes, the fix for CVE-2019-7655 is included in Wowza Streaming Engine 4.8.5. It is recommended to update to this version to mitigate the vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- vendor/wowza
- canonical/wowza streaming engine
- version/wowza streaming engine/4.8.0