2024-12-13 13:46:54
ENISA
PUBLISHED
Improper input handling in the Host Header allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the applications standard functionality, it enables the execution of the payload, resulting in Stored XSS or Cross-Site Scripting.