Description:

Unvalidated host header leaks into response and page. Because the page can be cached, this leak poses a risk for all store customers because any HTML or JavaScript code can be injected. Such an exploit works only with specific server configurations, and allows an attacker to intercept a session or modify a page with fake credit card forms, etc. Note: While this issue is not applicable to out of the box Magento Community installations, it could possibly be exploited with 3rd party full page caching extensions. This patch was also already included in 1.9.2.1 release.