Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program
The XSS report is considered informational, since it only demonstrates a self-attack. The payload is being injected by intercepting the request, so the victim would have to inject the payload themselves.
Summary by ashraff_01
During the security assessment of the NASA website, I identified a severe vulnerability caused by improper handling of HTTP headers, specifically the X-Forwarded-Host header. The vulnerability allows an attacker to manipulate the HTTP response headers and body content, resulting in an open redirection and potential reflected Cross-Site Scripting (XSS) attack.
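A server-side check for the header handling described in the summary above, as an added example that is not part of the report or of NASA's code: `X-Forwarded-Host` is honoured only when the request arrives from a trusted proxy and the value is on an allowlist, and the URL is HTML-escaped before it is reflected in the body. The hostnames, proxy range, function names and dictionary-style header access are assumptions made for the example.

```python
import html
import ipaddress

# Placeholder values (assumptions): replace with the site's real hosts and proxy ranges.
ALLOWED_HOSTS = {"www.example.org", "example.org"}
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
DEFAULT_HOST = "www.example.org"


def naive_host(headers):
    """Weak pattern: a client-supplied X-Forwarded-Host overrides everything."""
    return headers.get("X-Forwarded-Host") or headers.get("Host", DEFAULT_HOST)


def normalise(value):
    """Take the first listed value, lowercase it and drop a trailing :port."""
    host = value.split(",")[0].strip().lower()
    if host.count(":") == 1:
        host = host.split(":")[0]
    return host


def effective_host(headers, peer_ip):
    """Return a host that is safe to place in a Location header or in markup."""
    raw = headers.get("Host", "")
    peer = ipaddress.ip_address(peer_ip)
    # Forwarding headers are only meaningful when our own proxy set them.
    if any(peer in net for net in TRUSTED_PROXIES):
        raw = headers.get("X-Forwarded-Host") or raw
    host = normalise(raw)
    # Anything not explicitly expected falls back to the canonical host.
    return host if host in ALLOWED_HOSTS else DEFAULT_HOST


def redirect_response(headers, peer_ip, path="/login"):
    """Build a redirect whose target host never comes from unvalidated input."""
    location = f"https://{effective_host(headers, peer_ip)}{path}"
    body = f'<a href="{html.escape(location, quote=True)}">Moved</a>'
    return {"status": 302, "Location": location, "body": body}


# Constructed sample request: header value supplied by an untrusted client.
SAMPLE = {"Host": "www.example.org", "X-Forwarded-Host": 'attacker.example"><b>'}

if __name__ == "__main__":
    print("naive   :", naive_host(SAMPLE))
    print("hardened:", redirect_response(SAMPLE, "203.0.113.7"))
```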