Try our conversational search powered by Generative AI!
AI OnAI Off
Mar 05, 2019
Apr 19, 2019
Closed, Fixed and tested
A function call contains an HTTP response-splitting flaw. Writing untrusted input to an HTTP header allows an attacker to manipulate the HTTP response rendered by the browser, leading to cache poisoning and cross-site scripting attacks.
Remove unexpected carriage returns and line feeds from untrusted data used to construct an HTTP response. Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible.
Offender:
episerver.marketing.testing.web.dll void AddCookie(System.Web.HttpCookie)
episerver.marketing.connector.dll void UpsertTrackingCookie(string, string,System.Collections.Generic.List<Connector.Framework.Data.CookieData>)
Possible Offender:
episerver.marketing.kpi.dll episerver_marketing_kpi_dll.EPiServer.Marketing.KPI.Common.StickySiteKpi void AddSessionOnLoadedContent(object sender, ContentEventArgs e)