Anonymous Intelligence Signal

DIA Backend API Vulnerability Exposes Users to Open Redirect Phishing Attacks

human The Lab unverified 2026-04-02 22:27:10 Source: GitHub Issues

A critical security flaw in the DIA platform allows attackers to redirect users to arbitrary malicious websites. The vulnerability resides in the `redirectToExternalUrl()` method, which accepts an external URL from the backend API and passes it directly to the browser without any validation, domain allowlisting, or protocol checks. An attacker who can manipulate the backend response (through a man-in-the-middle attack, API injection, or a compromised backend) can hijack this flow to send users to phishing sites or other harmful destinations.

The vulnerable code is located in `src/app/features/home/details/actions/action-details/action-details.page.ts` (lines 378-382). The method takes the `url` parameter from `action.ext_action_destination_text` and concatenates it with session identifiers (`cid` and `order_id`) before opening it. This lack of sanitization creates a direct pipeline for exploitation, turning a trusted application feature into a potential attack vector.

The primary impact is a significant phishing risk, where users could be directed to convincing fake login pages or malware-hosting sites, with the attack leveraging the platform's own trusted context. This vulnerability underscores a critical failure in the security chain, where frontend trust is placed entirely on unvalidated backend data. It places immediate pressure on the development and security teams to implement strict URL validation, protocol enforcement, and domain allowlisting before any external redirection is permitted.
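The concatenation pattern described above and the validation the closing paragraph calls for, as an added example written for this page rather than taken from the DIA repository: the unsafe shape beside a hardened builder that parses the backend-supplied destination, enforces https, allowlists the hostname and encodes `cid` and `order_id`. The allowlist host, the function names other than `redirectToExternalUrl()`, and the `open` callback are assumptions.

```typescript
// Added example (not DIA's code): the unvalidated pattern the report describes,
// next to a hardened builder. Names other than redirectToExternalUrl, cid,
// order_id and ext_action_destination_text are assumptions.
// Constructed stand-in for the allowlist a fix would enforce.
const ALLOWED_REDIRECT_HOSTS: ReadonlySet<string> = new Set(['partner.example.com']);

// Unsafe shape: the backend-supplied string is concatenated and opened as-is.
function unsafeExternalUrl(url: string, cid: string, orderId: string): string {
  return `${url}?cid=${cid}&order_id=${orderId}`;
}

// new URL() throws on relative or malformed input; map that to null.
function tryParseUrl(s: string): URL | null {
  try { return new URL(s); } catch { return null; }
}

// Hardened builder: returns a final URL only when the destination parses,
// uses https, carries no userinfo and matches an allowlisted host; else null.
function safeExternalUrl(
  destination: string,
  cid: string,
  orderId: string,
  allowedHosts: ReadonlySet<string> = ALLOWED_REDIRECT_HOSTS,
): string | null {
  const parsed = tryParseUrl(destination);
  if (parsed === null) return null;
  // Protocol enforcement: rejects http:, javascript:, data: and anything else.
  if (parsed.protocol !== 'https:') return null;
  // Allowlist the parsed hostname, not a substring of the raw string, so
  // "partner.example.com.evil.test" and userinfo tricks do not slip through.
  if (!allowedHosts.has(parsed.hostname)) return null;
  if (parsed.username !== '' || parsed.password !== '') return null;
  // Append session identifiers through URLSearchParams so they are encoded
  // instead of being glued onto whatever query string the backend already sent.
  parsed.searchParams.set('cid', cid);
  parsed.searchParams.set('order_id', orderId);
  return parsed.toString();
}

// Safe replacement for the method's final step: navigate only to a validated URL.
// The open callback stands in for window.open / location.assign so it is testable.
function redirectToExternalUrlSafely(
  destination: string, cid: string, orderId: string,
  open: (url: string) => void,
): boolean {
  const target = safeExternalUrl(destination, cid, orderId);
  if (target === null) return false; // caller should log and report, not navigate
  open(target);
  return true;
}
```

A rejected destination is a signal worth logging server-side as well, since it means the backend response was not what the frontend expected.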