Yes, this clearly needs an advisory (lack of validation, enabling credential and content disclosure to a MitM attacker).
Yes, this clearly needs an advisory (lack of validation, enabling credential and content disclosure to a MitM attacker).