Ossrs: >> Simple Realtime Server >> 5.0.157 Security Vulnerabilities
SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=<payload>` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
CVSS Score
7.2
EPSS Score
0.077
Published
2024-03-28