Description
When an nginx web server implements an HTTP redirect by using the $uri or $document_uri variables within the redirection target location, the resulting configuration may be vulnerable to header injection.
Remediation
Implement the HTTP redirect with $request_uri instead of $uri or $document_uri.
References
Related Vulnerabilities
WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)
WordPress Plugin Event List Cross-Site Scripting (0.7.9)
WordPress Plugin BetterLinks-Shorten, Track and Manage any URL Cross-Site Scripting (1.2.5)
WordPress Plugin youForms for WordPress-Creating Forms for CopeCart Cross-Site Scripting (1.0.5)