id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1331	HYPERLINK INJECTION/EMAIL INJECTION	orthonviper@…		"Hello@team,

Nginx is such a trusted website.It is famous for the security nginx is providing the customers.But there is a bug in the signup form where attacker can inject malicious links(html)and effect any user whim they targeted through email id.This results in the bad reputation to the company.

BUG DESCRIPTION: 
Email injection is a security vulnerability that can occur in Internet applications that are used to send email messages. It is the email equivalent of HTTP Header Injection.

Steps to reproduce:
1.go to url : https://www.nginx.com
2.now click on free trial
3.fill up the sign up form b giving first names with malicious link or html code,
example :
--> go to this link https://example.com
--> <a href=""//bf.am"">click here for pass</a>

4.now give the victims email id and submit the form
5.the victim will get mails from NGINX with malicious link injected 

Kindly find the attached images for better understanding.
"	defect	closed	major		other	1.10.x	invalid	BUG		orthonviper@gmail.com	1.10.3