PT-2023-15890 · Kaltura · Kaltura Mwembed
Yairans
·
Publicado
2023-01-04
·
Atualizado
2024-05-17
·
CVE-2022-4876
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Kaltura mwEmbed versions up to 2.96.rc1
Description
A vulnerability was found in Kaltura mwEmbed, affecting some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument
HTTP X FORWARDED HOST leads to cross-site scripting. The attack may be initiated remotely.Recommendations
For Kaltura mwEmbed versions up to 2.96.rc1, upgrade to version 2.96.rc2 to address this issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Kaltura Mwembed