XSS in Wowza Streaming Engine
CVE-2024-52053
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.008 (73.7th percentile) — read the EPSS interpretation.
Affected products
- Wowza Streaming Engine — versions 0