Error Page Text Injection
Vulnerability Details
Hello Yelp team,
Description:
An attacker is able to inject his own text into the error page and can fool the victim into visiting his own malicious site.
Please take a look at the attached document; it contains a POC as well as an attack scenario showing how the attacker can exploit this vulnerability, and the mitigation.
POC URL:
https://biz.yelp.com/%0A%0D*%20The%20web%20page%20you%20are%20trying%20to%20access%20has%20been%20moved%20to%20https://login.yelp.biz%20*/
OR
https://[email protected]/LBwo5y
Regards,
Rohit
Report Stats
- Report ID: 176042
- State: Closed
- Substate: informative
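A server-side check for the behaviour the report describes, as an added example that is not part of the original report and is not Yelp's code. The report does not show how the error page is built, so the renderer here is an assumption; `path_findings` and `render_not_found` are hypothetical names, the first sample URL is the POC URL from the report, and the second is constructed.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# POC URL quoted in the report.
POC_URL = ("https://biz.yelp.com/%0A%0D*%20The%20web%20page%20you%20are%20trying"
           "%20to%20access%20has%20been%20moved%20to%20https://login.yelp.biz%20*/")
# Constructed benign request for comparison.
BENIGN_URL = "https://biz.example.com/signup/step-2"

# Raw (still percent-encoded) paths made only of these characters may be echoed.
_SAFE_RAW_PATH = re.compile(r"^/[A-Za-z0-9._~/-]{0,200}$")
# CR, LF and other control characters once the path is percent-decoded.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
# Any scheme://, i.e. a link smuggled into the path.
_EMBEDDED_URL = re.compile(r"\b[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def path_findings(url: str) -> list[str]:
    """Reasons (for logging) why the decoded path looks like injected text."""
    decoded = unquote(urlsplit(url).path)
    findings = []
    if _CONTROL.search(decoded):
        findings.append("control-character")
    if _EMBEDDED_URL.search(decoded):
        findings.append("embedded-url")
    return findings


def render_not_found(url: str) -> str:
    """Build a 404 body that cannot carry attacker-chosen prose."""
    raw_path = urlsplit(url).path
    # Allowlist on the raw path: any '%', space or ':' falls back to fixed text.
    if not _SAFE_RAW_PATH.match(raw_path) or path_findings(url):
        return "404 Not Found"
    # Escaping is kept as a second layer even though the allowlist is strict.
    return "404 Not Found: " + html.escape(raw_path)


if __name__ == "__main__":
    for sample in (POC_URL, BENIGN_URL):
        print(path_findings(sample), "->", render_not_found(sample))
```

Returning fixed text for anything outside the allowlist removes the reflection entirely, and the findings list gives the detection side a label to log when such a request arrives.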