Invicti identified a CRLF (new line) HTTP header injection.
This means the input goes into HTTP headers without proper input filtering.
Depending on the application, an attacker might carry out the following types of attacks:
Do not allow newline characters in input. Where possible, use strict whitelisting.
Crafting the attack to exploit this issue is not a complex process. However, most unsophisticated attackers will not know that such an attack is possible. Also, an attacker needs to reach his victim by e-mail or other similar method in order to entice them to visit the site or click on a URL.
You can search and find all vulnerabilities