Invicti identified a CRLF (new line) HTTP header injection.
This means that input is placed into HTTP headers without proper filtering.
- Cross-site scripting attack, which can lead to session hijacking
- Session fixation attack by setting a new cookie, which can also lead to session hijacking
- See the remedy for the solution.
- Ensure the server security patches are up to date and that the current stable version of the software is in use.
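The filtering gap described above, shown as an added example (not Invicti's code and not taken from any scanned application): an unfiltered header builder next to one that rejects CR, LF and NUL. The `Location` header, the function names and the sample values are assumptions chosen for illustration.

```python
# Added illustration; function names and sample values are constructed.
import re

# CR, LF and NUL must never appear inside a header value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def build_response_unsafe(location: str) -> bytes:
    """Vulnerable pattern: input is copied into a header with no filtering."""
    head = "HTTP/1.1 302 Found\r\nLocation: " + location + "\r\n\r\n"
    return head.encode("latin-1")


def build_response_safe(location: str) -> bytes:
    """Hardened pattern: reject any value containing CR, LF or NUL."""
    if _FORBIDDEN.search(location):
        raise ValueError("control character in header value")
    head = "HTTP/1.1 302 Found\r\nLocation: " + location + "\r\n\r\n"
    return head.encode("latin-1")


def header_names(raw: bytes) -> list[str]:
    """Return the header names a client would parse from a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")[1:]  # skip the status line
    return [line.split(":", 1)[0] for line in lines if ":" in line]


# Constructed inputs: one clean value, one carrying an embedded CRLF.
CLEAN = "/home"
TAINTED = "/home\r\nSet-Cookie: session=constructed-value"

if __name__ == "__main__":
    # One header in, one header out.
    print(header_names(build_response_unsafe(CLEAN)))
    # One header in, two headers out: the value was split at the CRLF.
    print(header_names(build_response_unsafe(TAINTED)))
    try:
        build_response_safe(TAINTED)
    except ValueError as exc:
        print("rejected:", exc)
```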