CWE-644
AllowedImproper Neutralization of HTTP Headers for Scripting Syntax
Abstraction: Variant · Status: Incomplete
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
104 vulnerabilities reference this CWE, most recent first.
GHSA-8PXM-658R-R9J2
Vulnerability from github – Published: 2024-03-20 15:32 – Updated: 2024-08-05 21:31An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.
{
"affected": [],
"aliases": [
"CVE-2024-22081"
],
"database_specific": {
"cwe_ids": [
"CWE-444",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-20T05:15:45Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.",
"id": "GHSA-8pxm-658r-r9j2",
"modified": "2024-08-05T21:31:18Z",
"published": "2024-03-20T15:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22081"
},
{
"type": "WEB",
"url": "https://www.elspec-ltd.com/support/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9F79-6FPR-26F7
Vulnerability from github – Published: 2026-02-12 06:30 – Updated: 2026-02-12 06:30JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.
{
"affected": [],
"aliases": [
"CVE-2026-26234"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-12T04:15:47Z",
"severity": "HIGH"
},
"details": "JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.",
"id": "GHSA-9f79-6fpr-26f7",
"modified": "2026-02-12T06:30:13Z",
"published": "2026-02-12T06:30:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26234"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/jung-smart-visu-server-improper-neutralization-of-http-headers-for-scripting-syntax"
},
{
"type": "WEB",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9HCH-G858-CR9J
Vulnerability from github – Published: 2024-02-02 15:30 – Updated: 2024-02-02 15:30IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.
{
"affected": [],
"aliases": [
"CVE-2023-47143"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-02T13:15:08Z",
"severity": "CRITICAL"
},
"details": "IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 270270.",
"id": "GHSA-9hch-g858-cr9j",
"modified": "2024-02-02T15:30:28Z",
"published": "2024-02-02T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47143"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270270"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7105139"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9QXQ-9WPJ-4F86
Vulnerability from github – Published: 2026-07-03 00:31 – Updated: 2026-07-03 00:31The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.
{
"affected": [],
"aliases": [
"CVE-2026-54477"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T00:16:52Z",
"severity": "MODERATE"
},
"details": "The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.",
"id": "GHSA-9qxq-9wpj-4f86",
"modified": "2026-07-03T00:31:55Z",
"published": "2026-07-03T00:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54477"
},
{
"type": "WEB",
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-183-03.json"
},
{
"type": "WEB",
"url": "https://mygardyn.com/security"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-183-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-C2M2-2CPV-RG7H
Vulnerability from github – Published: 2026-02-05 00:31 – Updated: 2026-02-05 00:31IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
{
"affected": [],
"aliases": [
"CVE-2024-51451"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T22:15:56Z",
"severity": "MODERATE"
},
"details": "IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.",
"id": "GHSA-c2m2-2cpv-rg7h",
"modified": "2026-02-05T00:31:00Z",
"published": "2026-02-05T00:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51451"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7257006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C2MP-368Q-JRJG
Vulnerability from github – Published: 2025-10-11 00:30 – Updated: 2025-10-11 00:30The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
{
"affected": [],
"aliases": [
"CVE-2025-52647"
],
"database_specific": {
"cwe_ids": [
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-10T23:15:36Z",
"severity": "MODERATE"
},
"details": "The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.",
"id": "GHSA-c2mp-368q-jrjg",
"modified": "2025-10-11T00:30:18Z",
"published": "2025-10-11T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52647"
},
{
"type": "WEB",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-F673-96M5-V64F
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
{
"affected": [],
"aliases": [
"CVE-2017-6031"
],
"database_specific": {
"cwe_ids": [
"CWE-644",
"CWE-74"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-06T00:29:00Z",
"severity": "HIGH"
},
"details": "A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An \"improper neutralization of HTTP headers for scripting syntax\" issue has been identified, which may allow remote code execution.",
"id": "GHSA-f673-96m5-v64f",
"modified": "2022-05-13T01:36:36Z",
"published": "2022-05-13T01:36:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6031"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-096-01A"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97479"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FFPG-GM3H-4P5P
Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-19 18:59Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "backdrop/backdrop"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.32.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-63828"
],
"database_specific": {
"cwe_ids": [
"CWE-601",
"CWE-644"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-18T21:56:57Z",
"nvd_published_at": "2025-11-18T18:16:13Z",
"severity": "MODERATE"
},
"details": "Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.",
"id": "GHSA-ffpg-gm3h-4p5p",
"modified": "2025-11-19T18:59:46Z",
"published": "2025-11-18T18:32:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63828"
},
{
"type": "PACKAGE",
"url": "https://github.com/backdrop/backdrop"
},
{
"type": "WEB",
"url": "https://github.com/mertdurum06/BackdropCms-1.32.1"
},
{
"type": "WEB",
"url": "https://github.com/mertdurum06/BackdropCms-1.32.1/blob/main/backdropcms_exploit.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Backdrop CMS Host Header Injection vulnerability"
}
GHSA-FQVV-MH7W-3JQ3
Vulnerability from github – Published: 2024-12-21 15:30 – Updated: 2025-11-04 00:32IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.
{
"affected": [],
"aliases": [
"CVE-2024-51464"
],
"database_specific": {
"cwe_ids": [
"CWE-288",
"CWE-644"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-21T14:15:21Z",
"severity": "MODERATE"
},
"details": "IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i.",
"id": "GHSA-fqvv-mh7w-3jq3",
"modified": "2025-11-04T00:32:15Z",
"published": "2024-12-21T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51464"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7179509"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Dec/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Dec/20"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GV64-36XP-C47J
Vulnerability from github – Published: 2025-03-25 15:31 – Updated: 2025-03-25 15:31A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.
{
"affected": [],
"aliases": [
"CVE-2025-27632"
],
"database_specific": {
"cwe_ids": [
"CWE-644",
"CWE-74"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-25T13:15:41Z",
"severity": "MODERATE"
},
"details": "A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.",
"id": "GHSA-gv64-36xp-c47j",
"modified": "2025-03-25T15:31:28Z",
"published": "2025-03-25T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27632"
},
{
"type": "WEB",
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.
Mitigation
Disable script execution functionality in the clients' browser.
No CAPEC attack patterns related to this CWE.