VYPR
Unrated severityNVD Advisory· Published Mar 15, 2026· Updated Mar 16, 2026

Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities

CVE-2016-20036

Description

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: = 4.5.0
  • Wowza Media Systems, LLC./Wowza Streaming Enginev5
    Range: 4.5.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.