PT-2023-15896 · Kaltura · Kaltura Mwembed

Published: 2023-01-09 · Updated: 2024-05-17 · CVE-2022-4882

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Kaltura mwEmbed versions up to 2.91

Description: A problem was found in the Share Plugin component, specifically in the file modules/KalturaSupport/components/share/share.js. The issue allows cross-site scripting through manipulation of the res argument. It can be exploited remotely, but the attack complexity is rather high, which makes exploitation difficult. The exploit has been disclosed publicly.

Recommendations: For versions up to 2.91, upgrade to version 2.92.rc1 to address this issue. As a temporary workaround, consider restricting access to the share.js file in the Share Plugin component until the upgrade is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-4882

Affected Products

Kaltura Mwembed