(page, id, language, lang, ...)

The page parameter is not sanitized enough and a CRLF sequence (%0D%0A) can be injected.

The Injection header is then reflected in the HTTP response, right after the legitimate X-Custom-Question header.

(%0D%0A%0D%0A)

... script tag in the body.