PT-2023-15890 · Kaltura · Kaltura Mwembed
Yairans · Published 2023-01-04 · Updated 2024-05-17 · CVE-2022-4876
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Kaltura mwEmbed versions up to 2.96.rc1
Description
A vulnerability was found in Kaltura mwEmbed, affecting unspecified processing in the file includes/DefaultSettings.php. Manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross-site scripting. The attack may be initiated remotely.
Recommendations
For Kaltura mwEmbed versions up to 2.96.rc1, upgrade to version 2.96.rc2 to address this issue.
Fix
XSS
Affected Products
Kaltura Mwembed