An OWASP scan revealed an XSS vulnerability on my website.
The problem: when I specify a wrong host, I get the value back in the response. Postman response example. While the return is 500, can it be exploited?
I see a lot of things about this on the web, but not really how to fix it. I'm not sure if the problem comes from my PHP configuration or Apache.
I found this: How to exploit HTTP "Host" header XSS vulnerability? Would it be a solution in this case?
httpd version: 2.4.33 / PHP 5.6 and Zend Framework 2.4
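
A Host allow-list check with output encoding, as an added example that is not part of the original post. It assumes the reflected value is written by PHP code rather than by an Apache-generated error page; the function names and host names are hypothetical, and the syntax stays within PHP 5.6.

```php
<?php
// Added example, not the poster's code. Host names are constructed placeholders.

/** Return the normalised host if it is on the allow-list, otherwise null. */
function validated_host($rawHost, array $allowedHosts)
{
    if (!is_string($rawHost) || $rawHost === '') {
        return null;
    }
    // Strip an optional :port suffix and normalise case before comparing.
    $host = strtolower(preg_replace('/:\d+$/', '', trim($rawHost)));
    // Exact match only: no pattern or suffix matching.
    return in_array($host, $allowedHosts, true) ? $host : null;
}

/** Encode a value for an HTML text or attribute context. */
function html_escape($value)
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Front-controller guard: unknown hosts get a fixed body, never an echo of the header. */
function guard_host(array $server, array $allowedHosts)
{
    $raw  = isset($server['HTTP_HOST']) ? $server['HTTP_HOST'] : null;
    $host = validated_host($raw, $allowedHosts);
    if ($host === null) {
        return array('status' => 400, 'body' => 'Bad Request');
    }
    // Even an allow-listed value is encoded at the point of output.
    return array('status' => 200, 'body' => 'Serving ' . html_escape($host));
}

// Constructed sample inputs: two accepted forms and one unknown host carrying markup.
$allowed = array('www.example.test', 'example.test');
$samples = array('www.example.test', 'WWW.Example.Test:443', 'unknown.invalid<b>');
foreach ($samples as $sample) {
    $result = guard_host(array('HTTP_HOST' => $sample), $allowed);
    echo $result['status'], ' ', $result['body'], PHP_EOL;
}
```

In a real front controller the array passed to `guard_host` would be `$_SERVER`, and the returned status would be sent with `http_response_code()` before any output.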