VYPR
High severity (7.2) · NVD Advisory · Published Mar 28, 2024 · Updated Jun 17, 2026

CVE-2024-29882

Description

SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint did not filter the callback function name, which allowed malicious JavaScript payloads to be injected and led to XSS (Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
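The missing filter described above, shown as an added example next to a validated form. This is not SRS's code or its actual patch: every function name, the response struct, and the allowlist policy (dot-separated ASCII identifiers, at most 64 bytes) are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Hypothetical names throughout; constructed illustration, not SRS code.
struct Response { int status; std::string content_type; std::string body; };

// Unfiltered form: the query value is copied verbatim into the script body.
std::string jsonp_unfiltered(const std::string& cb, const std::string& json) {
    return cb + "(" + json + ");";
}

static bool ident_char(unsigned char c, bool first) {
    bool alpha = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    bool digit = (c >= '0' && c <= '9');
    return alpha || c == '_' || c == '$' || (!first && digit);
}

// Assumed policy: dot-separated ASCII identifiers, at most 64 bytes.
bool is_safe_callback(const std::string& cb) {
    if (cb.empty() || cb.size() > 64) return false;
    bool first = true;                       // at the start of a segment
    for (unsigned char c : cb) {
        if (c == '.') {
            if (first) return false;         // leading dot or ".."
            first = true;
        } else {
            if (!ident_char(c, first)) return false;
            first = false;
        }
    }
    return !first;                           // reject a trailing dot
}

// Validated form: plain JSON without a callback, 400 for a rejected name.
Response jsonp_validated(const std::string& cb, const std::string& json) {
    if (cb.empty()) return {200, "application/json", json};
    if (!is_safe_callback(cb))
        return {400, "application/json", "{\"error\":\"invalid callback\"}"};
    return {200, "application/javascript", cb + "(" + json + ");"};
}

int main() {
    const char* samples[] = {"onVhosts", "app.onVhosts", "x<y", "f()//"};  // constructed inputs
    for (const char* s : samples)
        std::cout << s << " -> " << jsonp_validated(s, "{\"code\":0}").status << "\n";
    return 0;
}
```

Rejecting the name outright, rather than escaping it, keeps the response body limited to a fixed grammar that a reviewer can check by reading the validator alone.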

Affected products

2
  • Oscc/Srs (2 versions): before 5.0.210 and 6.0.121
    • (no CPE) range: before 5.0.210 and 6.0.121
    • (no CPE) range: < 5.0.210
