Description
When an nginx web server implements an HTTP redirect by using the $uri or $document_uri variables within the redirection target location, the resulting configuration may be vulnerable to header injection.
Remediation
Implement the HTTP redirect with $request_uri instead of $uri or $document_uri.
References
Related Vulnerabilities
WordPress Plugin Twitch Player Cross-Site Scripting (2.1.0)
WordPress Plugin ThreeWP Email Reflector 'Subject' Field Cross-Site Scripting (1.15)
WordPress Plugin Syndication Links Cross-Site Scripting (1.0.2)
WordPress Plugin Advanced User Registration and Management Cross-Site Scripting (2.3.5)
WordPress Plugin Social Hashtags Cross-Site Scripting (3.0.0)