Hi
our security team raised one security issue.
Name: Host Header Injection
Status: Open
Severity: Low
Exploitability: Difficult
Function / Target: Login
Description: The application was found to be using the HTTP Host header value without any validation when generating the redirection link.
Risk / Impact: An attacker may be able to exploit the host header injection vulnerability using mechanisms such as web-cache poisoning / password reset poisoning.
Evidence: The following evidence shows the Host Header Injection vulnerability.
If I change the value of the "Host" header from "XX.com" to "YY.com" and forward the request, the application successfully redirects to YY.com.
How do I resolve this issue? Any ideas?
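The root cause in the finding above is that the redirect target is built from the client-controlled Host header. The usual fix, whatever the platform, is to never trust that header for URL generation: compare it against a configured allowlist of the site's own host names and fall back to the canonical host when it does not match. The following is an added illustration of that check (my own example, not OutSystems code or anything from the report); the allowlist values `xx.com` / `www.xx.com` and the canonical host are constructed placeholders standing in for the real deployment's configuration.

```python
from typing import Optional
from urllib.parse import urlunsplit

# Constructed sample configuration: in a real deployment these come from
# settings, not from the incoming request.
ALLOWED_HOSTS = {"xx.com", "www.xx.com"}
CANONICAL_HOST = "xx.com"


def build_redirect_vulnerable(host_header: str, path: str) -> str:
    """The pattern the finding describes: the Host header is copied straight
    into the redirect target, so a client-supplied value ends up in Location."""
    return f"https://{host_header}{path}"


def normalise_host(host_header: str) -> Optional[str]:
    """Return the bare, lower-cased host name, or None if it is malformed.

    Strips an optional ':port' and refuses values containing characters
    that could smuggle a second URL component ('/', '@', '#', whitespace).
    An IPv6 literal such as '[::1]' is rejected here as well, which is the
    safe default since it is not a public site name.
    """
    if not host_header:
        return None
    host = host_header.strip().lower().split(":", 1)[0]
    allowed_chars = set("abcdefghijklmnopqrstuvwxyz0123456789-.")
    if not host or any(c not in allowed_chars for c in host):
        return None
    return host


def build_redirect_hardened(host_header: str, path: str) -> str:
    """Only an allow-listed Host value is used; anything else falls back to the
    configured canonical host, so a forged header cannot steer the redirect
    (or a cached copy of it) to an attacker-chosen origin."""
    host = normalise_host(host_header)
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    # The path must be site-relative; a protocol-relative ("//other.site")
    # or absolute value would reintroduce an open redirect via the path.
    if not path.startswith("/") or path.startswith("//"):
        path = "/"
    return urlunsplit(("https", host, path, "", ""))


if __name__ == "__main__":
    forged = "YY.com"  # the header value from the evidence in the report
    print("vulnerable:", build_redirect_vulnerable(forged, "/login"))
    print("hardened:  ", build_redirect_hardened(forged, "/login"))
```

Re-testing is the same as the evidence step in the report: resend the login request with the Host header set to a foreign name and confirm the Location header now stays on the canonical host. Where the platform generates redirects itself rather than in your own code, the equivalent is to configure the canonical public host name (or the reverse proxy's Host rewriting) so the application never echoes the request's Host value.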
Hi Arkyadeep Bharadwaj,
Please check this link; it should help you.
https://www.outsystems.com/forums/discussion/79534/vapt-issue-1-host-header-injection-attack/
Thanks,
Ramesh