Description
When an nginx web server implements an HTTP redirect by using the $uri or $document_uri variables within the redirection target location, the resulting configuration may be vulnerable to header injection.
Remediation
Implement the HTTP redirect with $request_uri instead of $uri or $document_uri.
References
Related Vulnerabilities
WordPress Plugin Video Embed & Thumbnail Generator Cross-Site Scripting (4.0.3)
WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.2)
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface
WordPress Plugin Google XML Sitemaps Cross-Site Scripting (4.0.8)