An *Open Redirect* vulnerability

Disclosed by
hunter12
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

Site has been remediated. X headers updated

Summary by hunter12

When sending a request with a modified value in the X-Forwarded-Host header, the server changes the redirection destination (Location) to the injected value. This vulnerability allows attackers to redirect users to malicious sites without their knowledge.

Activity