| عنوان | jameschz Hush 2.0 Improper Neutralization of HTTP Headers for Scripting Syntax |
|---|
| الوصف | $_SERVER['HOST'] is populated from the HTTP Host header submitted by the client. When the application uses this value directly to build absolute URLs, generate links in emails, or reflect it into HTML responses, an attacker can supply an arbitrary Host header and achieve a range of impacts |
|---|
| المصدر | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/hush.md |
|---|
| المستخدم | lakshay12311 (UID 91298) |
|---|
| ارسال | 02/11/2025 01:19 PM (6 أشهر منذ) |
|---|
| الاعتدال | 19/11/2025 05:55 PM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 332978 [jameschz Hush Framework 2.0 HTTP Host Header Util.php $_SERVER['HOST']] |
|---|
| النقاط | 18 |
|---|