CVE-2024-29882 - API Security Blog

Main / CVE-2024-29882

CVE-2024-29882

Discription

SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-<id>?callback=<payload> endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and…Read More

References

Back to Main

Subscribe for the latest news: