HTML injection through Invite Teammate email
Low
Vulnerability Details
## Summary:
I found HTML injection on the domain https://platform.securityscorecard.io/ when sending the Invite Teammate email. In this case, the "message" parameter is vulnerable.
## Steps To Reproduce:
1. Go to page ( https://platform.securityscorecard.io/ ) and login.
2. Now go to the page https://platform.securityscorecard.io/#/scorecard/wearehackerone.com/factors and click on "Invite Teammate".
3. Fill in the details (first and last name, email) and put the payload below in the "message" parameter:
```
"><h1>HTML INJECTION</h1><a href="evil.com">Click me</a>
```
4. Now when the invited teammate views the email, they will see the rendered HTML in it.
A video is attached as PoC.
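The pattern behind this finding, as an added example that is not part of the report or of the SecurityScorecard code base: a hypothetical invite-email template that interpolates the "message" field into the HTML body unescaped, beside the hardened version that HTML-escapes every user-controlled value first. The template, function names, and the sample inviter and invite URL are assumptions; only the payload string comes from the report.

```python
import html
import re

# Payload from the report: what the inviter types into the "message" field.
REPORT_PAYLOAD = '"><h1>HTML INJECTION</h1><a href="evil.com">Click me</a>'

# Hypothetical email template (assumption; the platform's real template is not on the page).
# The message is dropped into an HTML element context inside the email body.
INVITE_TEMPLATE = (
    "<html><body>"
    "<p>{inviter} has invited you to join {org}.</p>"
    "<blockquote>{message}</blockquote>"
    '<p><a href="{invite_url}">Accept invitation</a></p>'
    "</body></html>"
)


def build_invite_email_vulnerable(inviter, org, message, invite_url):
    """Vulnerable pattern: user-controlled values are interpolated as-is,
    so any tags in the message are rendered by the recipient's mail client."""
    return INVITE_TEMPLATE.format(
        inviter=inviter, org=org, message=message, invite_url=invite_url
    )


def build_invite_email_safe(inviter, org, message, invite_url):
    """Hardened pattern: every user-controlled value is HTML-escaped before
    interpolation. quote=True also escapes " and ', so the same helper is
    safe for values that land inside attribute values."""
    return INVITE_TEMPLATE.format(
        inviter=html.escape(inviter, quote=True),
        org=html.escape(org, quote=True),
        message=html.escape(message, quote=True),
        invite_url=html.escape(invite_url, quote=True),
    )


# Matches the start of a raw <h1> or <a> tag (the two tags used in the payload).
TAG_RE = re.compile(r"<\s*(h1|a)\b", re.IGNORECASE)


def injected_tags(body, slot_start="<blockquote>", slot_end="</blockquote>"):
    """Regression check: return the names of raw <h1>/<a> tags that appear
    inside the message slot of a rendered email. An empty list means the
    message could not contribute markup of its own."""
    start = body.index(slot_start) + len(slot_start)
    end = body.index(slot_end, start)
    return TAG_RE.findall(body[start:end])


if __name__ == "__main__":
    # Constructed sample inputs (assumptions, not values from the report).
    args = ("Alice", "Example Org", REPORT_PAYLOAD, "https://example.invalid/accept?token=abc")
    print("vulnerable:", injected_tags(build_invite_email_vulnerable(*args)))
    print("safe:      ", injected_tags(build_invite_email_safe(*args)))
```

Escaping at the point of interpolation is the fix for this class of bug; rejecting `<` in the form is not, because the email body, not the form, is the injection sink.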
## Impact
1) An attacker could redirect users and control them easily.
2) Could steal credentials.
Report Stats
- Report ID: 1482057
- State: Closed
- Substate: resolved
- Upvotes: 21