"The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash." - Entry from the Common Weakness Enumeration
For more info visit CWE-644
The Vulnerability History Project