CVE-2022-4876
Kaltura mwEmbed up to 2.96.rc1 is affected by a cross-site scripting vulnerability in the handling of the file includes/DefaultSettings.php via the HTTP_X_FORWARDED_HOST parameter. The attack may be initiated remotely. Upgrading to 2.96.rc2 addresses the issue (patch 13b8812ebc8c9fa034eed91ab35ba...