CVE-2024-29882

CVSS V2: None; CVSS V3: None
Description
SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint did not filter the callback function name, which made it possible to inject malicious JavaScript payloads and carry out XSS (Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
Overview
  • CVE ID: CVE-2024-29882
  • Assigner: GitHub_M
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-03-28T13:33:42.500Z
  • Last Modified Date: 2024-03-28T13:33:42.500Z
History
Created Old Value New Value Data Type Notes
2024-06-26 02:36:57 Added to TrackCVE