huntr / amal03-bit / 9254D8F3-A847-4AE8-8477-D2CE027CFF5C
History: Jul 30, 2023 - 8:35 p.m.

HTML injection Leads to Open redirection

2023-07-30 20:35:40
amal03-bit
www.huntr.dev
html injection
open redirection
web security

EPSS: 0.0004 (Low), percentile 14.0%

Description

HTML Injection Leads to Open Redirection is a dangerous web security issue. Attackers inject malicious HTML code into vulnerable websites, allowing them to execute harmful scripts in users’ browsers. This may lead to unauthorized actions on users’ behalf and redirect them to malicious sites. Proper input validation and security measures are essential to prevent this threat.

# Steps to reproduce

1. Navigate to the URL "http://192.168.2.107/admin_index.php" and log in as admin.
2. Select the admins edit functionality from Resources and click the Edit button.
3. Enter the HTML payload into Custom notes and save.
4. Click the View button, then click the Close button; at that point the website is redirected to a malicious website.

Proof of Concept:

 https://drive.google.com/file/d/1nBGmDu2MrfCAT6WzQkMV_MRS3W4rImvC/view?usp=sharing
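
The fix for the Custom notes field in the steps above is output encoding at render time. The following is an added example, not code from the report or from the affected application: the function names, the `note` CSS class and the sample records are assumptions, and it shows the unencoded rendering beside the encoded one plus a check for notes already in storage that contain markup.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the affected application's own code is not shown in the report.

// Vulnerable pattern: the stored note is written into the page as-is,
// so any markup saved in Custom notes is parsed by the browser.
function render_note_unsafe(string $note): string
{
    return '<div class="note">' . $note . '</div>';
}

// Hardened pattern: encode on output so the note is always displayed as text.
// Line breaks are re-added only after encoding.
function render_note_safe(string $note): string
{
    $encoded = htmlspecialchars($note, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="note">' . nl2br($encoded, false) . '</div>';
}

// Audit helper: flag stored notes that contain tag-like content so they can
// be reviewed once output encoding is deployed.
function note_has_markup(string $note): bool
{
    return preg_match('/<\s*\/?\s*[a-z!][^>]*>/i', $note) === 1;
}

// Constructed sample records (not taken from the report).
$notes = [
    1 => "Call back on Monday.\nPrefers e-mail.",
    2 => 'See <a href="https://example.invalid/">details</a>',
];

foreach ($notes as $id => $note) {
    printf(
        "#%d markup=%s\n  unsafe: %s\n  safe:   %s\n",
        $id,
        note_has_markup($note) ? 'yes' : 'no',
        render_note_unsafe($note),
        render_note_safe($note)
    );
}
```

For record 2 the encoded output contains `&lt;a href=...&gt;` instead of a live link, so the view dialog shows the note as literal text.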
