The security expert Rafael Fontes Souza has discovered vulnerabilities in the website of Forbes. He decided to disclose them for educational purpose. The attacker uses an HTML injection attack to craft malicious link, including his injected HTML content, and send it to a user via email. The admins must take appropriate measures for their web applications in order to prevent these type of attacks as these can damage you more than you expect. The information mentioned here is for educational purposes, we arent responsible for what you do afterwards.”]
Source: https://securityaffairs.co/wordpress/38163/hacking/vulnerabilities-forbes.html