CVE-2021-34630

Name of the Vulnerable Software and Affected Versions: GTranslate versions prior to 2.8.65

Description: The issue concerns a reflected XSS vulnerability. It affects older browsers like Internet Explorer 9 or below, cases where an attacker can modify the request between the client and server, or atypical browsing solutions. The gtranslate request uri var function is involved, echoing the contents of $ SERVER['REQUEST URI']. Although it uses addslashes, this is insufficient to prevent the vulnerability in certain scenarios.

Recommendations: For versions prior to 2.8.65, update to version 2.8.65 or later to resolve the issue. As a temporary workaround, consider restricting access to the gtranslate request uri var function until a patch is available. Avoid using atypical browsing solutions or older browsers that do not automatically URL encode requests.