vendor:
Web Video Streamer
by:
SecurityFocus
7,5
CVSS
HIGH
Cross-site Scripting, Directory-traversal, Command-injection
79, 22, 78
CWE
Product Name: Web Video Streamer
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:web_video_streamer:web_video_streamer
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014
Web Video Streamer Multiple Security Vulnerabilities
A remote attacker can leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to view arbitrary local files and directories within the context of the webserver. This may let the attacker steal cookie-based authentication credentials and gain access to sensitive information, which may aid in launching further attacks.
Mitigation:
Ensure that input is properly sanitized and validated before being used in the application.
