Description
Input passed to the "User-Agent" header parameter it isn't properly sanitised before being returned to the user on 404 or 500 error. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Confirmed in version MX 7. Other versions may also be affected.
Remediation
Contact the vendor for further information.
References
Related Vulnerabilities
WordPress Plugin Download Monitor Unspecified Vulnerability (1.9.6)
WordPress Plugin WooCommerce BuddyPress Integration Unspecified Vulnerability (3.2.6.1)
WordPress Plugin Cart66 Lite::WordPress Ecommerce SQL Injection (1.5.1.17)
WordPress Plugin Erident Custom Login and Dashboard Cross-Site Scripting (3.5.8)
WordPress Plugin WP-Live Chat by 3CX Multiple Vulnerabilities (4.3.5)