Unrated severityNVD Advisory· Published Mar 15, 2026· Updated Mar 16, 2026
Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities
CVE-2016-20036
Description
Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.
Affected products
2- Range: = 4.5.0
- Wowza Media Systems, LLC./Wowza Streaming Enginev5Range: 4.5.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/40135mitreexploit
- www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5343.phpmitrevendor-advisory
- www.vulncheck.com/advisories/wowza-streaming-engine-multiple-cross-site-scripting-vulnerabilitiesmitrethird-party-advisory
News mentions
0No linked articles in our index yet.