Greenbone Security Assistant (GSA) prior to 7.0.3 and Greenbone OS (GOS) prior to 5.0.0 allow Host Header Injection.
greenbone greenbone security assistant
greenbone greenbone os