/alerttags/cwe-113/ Recent content in CWE-113 on ZAP Hugo en-us /docs/alerts/40003/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40003/ <p>Cookie can be set via CRLF injection. It may also be possible to set arbitrary HTTP response headers. In addition, by carefully crafting the injected response using cross-site script, cache poisoning vulnerability may also exist.</p>