First published: Thu Nov 21 2024(Updated: )
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts.
Credit: cve@rapid7.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wowza Streaming Engine | <4.9.1 | |
All of | ||
Wowza Streaming Engine | >=4.3.0<4.9.1 | |
Any of | ||
Linux Kernel | ||
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-52053 is considered a critical vulnerability due to its potential to allow unauthenticated attackers to execute arbitrary JavaScript in the web dashboard.
To fix CVE-2024-52053, upgrade to a version of Wowza Streaming Engine that is 4.9.1 or higher.
CVE-2024-52053 affects Wowza Streaming Engine versions prior to 4.9.1.
CVE-2024-52053 is a stored cross-site scripting (XSS) vulnerability.
CVE-2024-52053 can be exploited by unauthenticated attackers.