Security Report - Open Redirect via HTML Injection
abdelali
Hello,
I have identified a security issue related to Open Redirect using HTML Injection (HTMLi) in the name field of the profile section. Below are the steps to reproduce the issue:
Steps to Reproduce:
1. Go to your Profile Settings page.
2. Change your name to the following payload:
<a href="https://evil.com">ClickMe</a>
3. Save the changes.
4. Open a Private Window (Incognito Mode) and log in to the same account.
5. Return to the normal browser session and log in again.
6. Hoory sends an email notification with the following message:
Dear ClickMe,
Your session has expired. You have been logged out because your account was accessed from another device or browser. If this wasn't you, please secure your account immediately. Reset your password.
7. When clicking on “ClickMe” in the email, the user is redirected to evil.com, confirming the Open Redirect vulnerability.
Impact:
• An attacker could exploit this to redirect users to malicious websites, potentially leading to phishing attacks or malware distribution.
Best regards,
Abdelali Chekiel
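An added example, not part of the original report and not Hoory's code: it contrasts inserting the profile name into the notification email as raw HTML with escaping it first, and includes a regression check that flags any link in the rendered body that the template did not put there. The template wording follows the message quoted above; `TEMPLATE`, `RESET_URL` and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed template modelled on the notification text quoted in the report.
TEMPLATE = (
    "<p>Dear {name},</p>"
    "<p>Your session has expired. You have been logged out because your "
    "account was accessed from another device or browser. "
    '<a href="{reset_url}">Reset your password</a>.</p>'
)
RESET_URL = "https://app.example.test/reset"  # placeholder, not a real endpoint


def render_unsafe(name: str) -> str:
    """Behaviour described in the report: the name is inserted as raw HTML."""
    return TEMPLATE.format(name=name, reset_url=RESET_URL)


def render_safe(name: str) -> str:
    """Escape the user-controlled value for the HTML context before insertion."""
    return TEMPLATE.format(name=html.escape(name, quote=True),
                           reset_url=html.escape(RESET_URL, quote=True))


class LinkCollector(HTMLParser):
    """Collects every href a mail client would treat as a clickable link."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def links_in(body: str) -> list:
    collector = LinkCollector()
    collector.feed(body)
    collector.close()
    return collector.hrefs


def unexpected_links(body: str, allowed=(RESET_URL,)) -> list:
    """Regression check: any link outside the template's allow-list is a finding."""
    return [h for h in links_in(body) if h not in allowed]


if __name__ == "__main__":
    reported_name = '<a href="https://evil.com">ClickMe</a>'  # value from the report
    print(unexpected_links(render_unsafe(reported_name)))
    print(unexpected_links(render_safe(reported_name)))
```

Running `unexpected_links` over rendered notification bodies in a test suite catches the same class of issue in any other template field that takes user-controlled text.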
abdelali
Hossein Harutyun Hakobyan Milad Bonakdar Hello, any update on this? This is a serious vulnerability!!
abdelali
Subject: Clarification on Open Redirect Behavior
Hello [Support/Security Team],
I wanted to follow up regarding the Open Redirect issue I reported. When clicking on the injected link in the email, the user is first redirected through:
Then, after a short delay, the user is automatically redirected to:
This confirms that the Open Redirect is being processed through SendGrid’s tracking system before forwarding to the final destination.
Could you please confirm if this is being reviewed by the security team, and whether this behavior is considered a valid security risk?
Looking forward to your response.
Best regards,
Abdelali Chekiel