Yairans

**Name of the Vulnerable Software and Affected Versions** Kaltura mwEmbed versions up to 2.96.rc1 **Description** A vulnerability was found in Kaltura mwEmbed, affecting some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument `HTTP X FORWARDED HOST` leads to cross-site scripting. The attack may be initiated remotely. **Recommendations** For Kaltura mwEmbed versions up to 2.96.rc1, upgrade to version 2.96.rc2 to address this issue.