<a href=http://192.168.2.46:8000/hacked.html>HTML Injection</a>
Under /dashboard/show#/tickets/newTicket create a ticket with the above-mentioned HTML
Click “Save & Close”
When a user clicks the “HTML Injection” To-do they will be redirected to an attacker-controlled domain. In the example below, they are directed to a login page which could be used to phish their credentials.
