Kaltura Kaltura_server
5 CVEs affecting Kaltura Kaltura_server. Latest disclosed: 2017-09-19. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-14143 | Critical | 9.8 | 2017-09-19 | The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass a… |
CVE-2017-14141 | High | 7.2 | 2017-09-19 | The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks an… |
CVE-2017-14142 | Medium | 6.1 | 2017-09-19 | Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerI… |
CVE-2017-6392 | Medium | 6.1 | 2017-03-02 | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lyn… |
CVE-2017-6391 | Medium | 6.1 | 2017-03-02 | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "admin_cons… |