CVE-2015-6535

Name of the Vulnerable Software and Affected Versions YouTube Embed plugin versions prior to 3.3.3

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote administrators to inject arbitrary web script or HTML via the youtube embed name parameter in the Profile name field.

Recommendations For versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Profile name field to minimize the risk of exploitation. Avoid using the youtube embed name parameter in the affected endpoint until the issue is resolved.