Vulnerable parameter: ████████
go to https://████?█████=/%0a/example.com
and login, you will be ██████ected to https://example.com
this can be used by an Attacker to ██████ect an user to unsafe pages
Eg: to a page looks like Invision login page exactly and let them login on a fake page to steal email and password
in hex '%0a' means "Return" another URL https://████████?█████=/%0d/example.com '%0d' can █████████ect to example.com too Thank You!