Host Header Injection via X-FORWARDED-HOST leads to open redirection

Disclosed by
ashraff_01
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

Site updated.

Summary by ashraff_01

The target website is vulnerable to a Host Header Injection attack through the X-FORWARDED-HOST header. This vulnerability can be exploited to perform an open redirection, which could allow an attacker to redirect users to a malicious site, conduct phishing attacks, or bypass security controls.
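The pattern the summary describes, shown beside a hardened form, as an added example that is not part of the report or the affected site's code. The hostnames, proxy address and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed deployment values (assumptions, not taken from the report).
ALLOWED_HOSTS = {"www.example.gov", "example.gov"}
TRUSTED_PROXIES = {"10.0.0.5"}
CANONICAL_HOST = "www.example.gov"

def _lower(headers):
    """Header names are case-insensitive, so compare them lowercased."""
    return {k.lower(): v for k, v in headers.items()}

def vulnerable_redirect(headers, path):
    """'Before' pattern: the redirect host is taken straight from the header."""
    h = _lower(headers)
    host = h.get("x-forwarded-host") or h.get("host", "")
    return f"https://{host}{path}"

def _normalize(host):
    """Lowercase and strip the port; None for anything that is not a bare host."""
    if not host or any(c in host for c in "/\\@?#, \t\r\n"):
        return None
    try:
        parsed = urlsplit("//" + host)
        name, _ = parsed.hostname, parsed.port  # .port raises on a bad port
    except ValueError:
        return None
    return name.rstrip(".") if name else None

def effective_host(headers, peer_ip):
    """Honor X-Forwarded-Host only from a trusted proxy, and only if allowlisted."""
    h = _lower(headers)
    candidates = [h.get("host")]
    if peer_ip in TRUSTED_PROXIES:
        candidates.insert(0, h.get("x-forwarded-host"))
    for raw in candidates:
        host = _normalize(raw)
        if host in ALLOWED_HOSTS:
            return host
    return CANONICAL_HOST  # never echo an unrecognized host back to the client

def safe_redirect(headers, peer_ip, path):
    # Same-site absolute paths only; a leading "//" is a scheme-relative URL.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        path = "/"
    return f"https://{effective_host(headers, peer_ip)}{path}"
```

Logging requests where the forwarded host is rejected gives a detection signal for probing of this header.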
