Hi....
During the assessment, it was observed that user input was directly reflected in the response without validation.
for example,
My URL: https://mydomain/theme/yui_combo.php
and if a hacker will try to edit this URL as below
https://please+go+to+evil.com&/theme/yui_combo.php
Can hackers hack or pass any information to the site?