VYPR

CWE-644

Improper Neutralization of HTTP Headers for Scripting Syntax

Variant · Incomplete · Likelihood: High

Description

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (22)

page 1 of 2
  • CVE-2025-70948 · Critical · Mar 5, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.

  • CVE-2017-6031 · High · May 6, 2017
    risk 0.57 · cvss 8.8 · epss 0.03

    A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.

  • CVE-2026-33149 · High · Mar 26, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses…

  • CVE-2026-33805 · High · Apr 15, 2026
    risk 0.49 · cvss 8.6 · epss 0.00

    @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This allows attackers to retroactively strip proxy-added headers from upstream requests…

  • CVE-2025-64484 · High · Nov 10, 2025
    risk 0.48 · cvss 8.5 · epss 0.01

    OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions prior to 7.13.0, all deployments of OAuth2 Proxy in front of applications that normalize…

  • CVE-2025-13803 · High · Dec 1, 2025
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax.…

  • CVE-2026-48126 · High · May 26, 2026
    risk 0.46 · cvss 8.2 · epss 0.00

    Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request handler resolves the served directory by joining the configured --dir with the…

  • CVE-2026-4096 · Medium · Jun 11, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or…

  • CVE-2025-52647 · Medium · Oct 10, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.

  • CVE-2025-27632 · Medium · Mar 25, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.

  • CVE-2025-23001 · Medium · Jan 31, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE:…

  • CVE-2025-66485 · Medium · Apr 1, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or…

  • CVE-2024-30129 · Medium · Dec 6, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.

  • CVE-2025-24339 · Medium · Apr 30, 2025
    risk 0.33 · cvss 5.0 · epss 0.00

    A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request.

  • CVE-2025-23191 · Low · Feb 11, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP server to a malicious…

  • CVE-2025-52660 · Low · Jan 19, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise.

  • CVE-2025-63828 · Nov 18, 2025
    risk 0.00 · cvss n/a · epss 0.00

    Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.

  • CVE-2024-10006 · Oct 30, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

  • CVE-2024-21499 · Feb 17, 2024
    risk 0.00 · cvss n/a · epss 0.01

    All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling…

  • CVE-2023-34036 · Jul 17, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and…