Skip to main content

Kaltura Server

5 CVEs product

Monthly

CVE-2017-14143 CRITICAL POC THREAT Emergency

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Authentication Bypass PHP Kaltura Server
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
77.4%
Threat
5.8
CVE-2017-14142 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kaltura Server
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-14141 HIGH POC This Week

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Kaltura Server
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2017-6392 MEDIUM PATCH This Month

An issue was discovered in Kaltura server Lynx-12.11.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Kaltura Server
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-6391 MEDIUM PATCH This Month

An issue was discovered in Kaltura server Lynx-12.11.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Kaltura Server
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
EPSS 77% 5.8 CVSS 9.8
CRITICAL POC THREAT Emergency

The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 77.4%.

Authentication Bypass PHP Kaltura Server
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kaltura Server
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Kaltura Server
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Kaltura server Lynx-12.11.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Kaltura Server
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Kaltura server Lynx-12.11.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Kaltura Server
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy