Name of the Vulnerable Software and Affected Versions: Keter (affected versions not specified)

Description: A reflected XSS issue exists in the logic handling VHost dispatch, where Keter echoes back the Host header value unescaped as part of an HTML error page. This could be exploited in the presence of further weaknesses in components upstream of Keter in the HTTP proxying chain.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.