Lack of data validation - Host Header Injection
Description
The application allows to manipulate the host header which may lead to unintended redirects to malicious websites.
Impact
Redirect the user to harfmful websites.
Recommendation
Validate the host header against a whitelist of trusty domains.
Threat
Anonymous attacker from adjacent network.
Expected Remediation Time
⏱️ 30 minutes.