CWE•Variant•Incomplete•5 recent CVEs

CWE-644Improper Neutralization of HTTP Headers for Scripting Syntax

Description

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

[object Object]

Common consequences

Integrity,Confidentiality,Availability→Execute Unauthorized Code or Commands
Run arbitrary code.
Confidentiality→Read Application Data
Attackers may be able to obtain sensitive information.

Potential mitigations

Architecture and Design
Perform output validation in order to filter/escape/encode unsafe data that is being passed from the server in an HTTP response header.
Architecture and Design
Disable script execution functionality in the clients' browser.

Recent CVEs classified under this CWE

CVE-2026-481268.22026-05-26 CVE-2026-338058.62026-04-15 CVE-2026-331498.12026-03-26 CVE-2025-709489.32026-03-05 CVE-2025-526602.72026-01-19

Description

Common consequences

Potential mitigations

Related CWEs

Recent CVEs classified under this CWE