CVE-2018-7049

[Suggested description]
An issue was discovered in Wowza Streaming Engine before 4.7.1.
There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager)
causing script injection and/or reflection via a crafted HTTP request.

------------------------------------------

[Vulnerability Type]
Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]
Wowza Media Systems LLC

------------------------------------------

[Affected Product Code Base]
Wowza Streaming Engine - All versions from 4.7.0 and prior, Issue fixed in 4.7.1

------------------------------------------

[Affected Component]
Wowza Streaming Engine Http providers

com.wowza.wms.http.HTTPProviderMediaList
com.wowza.wms.http.streammanager.HTTPStreamManager

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Code execution]
true

------------------------------------------

[Attack Vectors]
Using a specifically crafted HTTP request

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true