Cross-site scripting, a computer security vulnerability in web applications
Header injection in HTTP responses can allow for HTTP response splitting (also known as CRLF - Carriage Return Line Feed), Session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirects attacks via the location header.