Web Cache Poisoning via JSONP and UTM_ parameter
Description
This web application is using a caching system. By sending a request with the same GET parameter cloacked inside the value of an UTM_* parameter it was possible to force the caching system to cache a response that contains user-controlled input. This cached response can be later served to a victim resulting in various vulnerabilities.
Remediation
Separating parameters by <strong>;</strong> is not recommended and may cause various security issues.