kaltura / mwEmbed

Kaltura's Cross Platform Video Player ToolKit
http://player.kaltura.com
GNU Affero General Public License v3.0

Reflected XSS Vulnerability on rss.php #4300

Open frostb1ten opened 2 years ago

frostb1ten commented 2 years ago

Fix for a Reflected XSS vulnerability. Attackers can add the X-Forwarded-Host header to inject XSS payloads.

X-Forwarded-Host:

This mitigation prevents X-Forwarded-Host from being modified.
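
One way to handle the header discussed above, as an added example that is not the code from this pull request or from mwEmbed: accept a forwarded host only when it exactly matches an allow-list, and escape the result before writing it into the feed. The helper names `resolveFeedHost` and `xmlEscape`, the host names, and the sample request array are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from mwEmbed or this pull request.

// Assumption: the deployment knows which public host names it serves.
const ALLOWED_HOSTS = ['player.example.com', 'cdn.example.com']; // constructed values

/**
 * Return a host name that is safe to embed in generated URLs.
 * Forwarded headers are client-controlled unless a trusted proxy overwrites
 * them, so a value is accepted only when it matches the allow-list exactly.
 */
function resolveFeedHost(array $server, array $allowedHosts, string $fallback): string
{
    foreach (['HTTP_X_FORWARDED_HOST', 'HTTP_HOST'] as $key) {
        if (!isset($server[$key]) || !is_string($server[$key])) {
            continue;
        }
        // A proxy chain may list several hosts; only the first is considered.
        $candidate = strtolower(trim(explode(',', $server[$key])[0]));
        // Drop an optional ":port" suffix before comparing.
        $candidate = (string) preg_replace('/:\d{1,5}$/', '', $candidate);
        if (in_array($candidate, $allowedHosts, true)) {
            return $candidate;
        }
    }
    // Nothing matched: use the configured host, never the raw header.
    return $fallback;
}

/** Escape a value for an XML text node or attribute in the feed. */
function xmlEscape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

// Constructed request: the forwarded host carries markup instead of a host name.
$server = [
    'HTTP_X_FORWARDED_HOST' => 'attacker.example"><x>',
    'HTTP_HOST'             => 'player.example.com',
];

$host = resolveFeedHost($server, ALLOWED_HOSTS, 'player.example.com');
$link = 'https://' . $host . '/rss.php';

// Escaping stays in place even though the host is already validated.
echo '<link>' . xmlEscape($link) . '</link>', PHP_EOL;
```

The allow-list check keeps untrusted header values out of generated URLs, and the output escaping covers any other request-derived value that reaches the feed.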

kaltura-hooks commented 2 years ago

Hi @frostb1ten, Thank you for contributing this pull request! Please sign the Kaltura CLA so we can review and merge your contribution. Learn more at http://bit.ly/KalturaContrib

frostb1ten commented 2 years ago

CLA completed. Thank you!