CVE-2024-52053

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-52053
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/ Third Party Advisory
https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes Release Notes
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

17 Jun 2026, 08:06

Type Values Removed Values Added
References () https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/ - () https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/ - Third Party Advisory
References () https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes - () https://www.wowza.com/docs/wowza-streaming-engine-4-9-1-release-notes - Release Notes
Summary
  • (es) Cross site scripting almacenado en el componente Administrador de Wowza Streaming Engine anterior a 4.9.1 permiten que un atacante no autenticado inyecte JavaScript del lado del cliente en el panel web para secuestrar automáticamente las cuentas de administrador.
First Time Linux linux Kernel
Microsoft windows
Wowza streaming Engine
Wowza
Linux
Microsoft
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.6
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:wowza:streaming_engine:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

21 Nov 2024, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-21 23:15

Updated : 2026-06-17 08:06

NVD link : CVE-2024-52053

Mitre link : CVE-2024-52053

CVE.ORG link : CVE-2024-52053

JSON object : View

Products Affected

microsoft

  • windows

wowza

  • streaming_engine

linux

  • linux_kernel
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')