CVE-2019-19453

[Suggested Description]
---------------------------------------
An authenticated user, with access to the proxy license editing is able to
insert a malicious payload that will be triggered in the main page of server
settings.
---------------------------------------
[Vulnerability Type]
Cross-Site Scripting
---------------------------------------
[Vendor of Product]
Wowza Media Systems LLC
---------------------------------------
[Affected Product Code Base]
Wowza Streaming Engine - Versions prior to 4.8.5, Issue fixed in 4.8.5
---------------------------------------
[Affected Component]
Wowza Streaming Engine Manager
---------------------------------------
[Attack Type]
Remote
---------------------------------------
[Impact Code Execution]
true
---------------------------------------
[Impact Denial of Service]
false
---------------------------------------
[Attack Vector]
An authenticated user is able to insert a malicious payload in the license
server proxy settings that will be triggered in the Server Setup form.
---------------------------------------
[Has the vendor confirmed or acknowledged the vulnerability?]
true