CVE-2016-20036 MEDIUM

CVE-2016-20036: Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities

Vendor Wowza Media Systems, Llc.
Product Wowza Streaming Engine
Weakness CWE-79 · XSS
Published March 15, 2026
Last update May 24, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.

Key dates

02Disclosure timeline

March 15, 2026 CVE published
May 24, 2026 Record updated