id: 1331
summary: HYPERLINK INJECTION/EMAIL INJECTION
reporter: orthonviper@…
owner:
description:

Hello team,

Nginx is such a trusted website. It is famous for the security nginx is providing the customers. But there is a bug in the signup form where an attacker can inject malicious links (HTML) and affect any user whom they targeted through email id. This results in a bad reputation for the company.

BUG DESCRIPTION:

Email injection is a security vulnerability that can occur in Internet applications that are used to send email messages. It is the email equivalent of HTTP Header Injection.

Steps to reproduce:

1. Go to URL: https://www.nginx.com
2. Now click on free trial.
3. Fill up the sign up form by giving first names with a malicious link or HTML code, example: --> go to this link https://example.com --> click here for pass
4. Now give the victim's email id and submit the form.
5. The victim will get mails from NGINX with the malicious link injected.

Kindly find the attached images for better understanding.

type: defect
status: closed
priority: major
milestone:
component: other
version: 1.10.x
resolution: invalid
keywords: BUG
cc: orthonviper@gmail.com
uname:
nginx_version: 1.10.3
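The class of issue the ticket describes, a form field echoed into an outgoing mail, is usually handled on the sending side by validating the field before it reaches the message template. The following is an added example, not code from the ticket or from the nginx project; the function names, the character policy and the message text are assumptions made for illustration.

```python
import html
import unicodedata
from email.message import EmailMessage

# Assumed policy for this example: letters, combining marks, spaces,
# apostrophes and hyphens only, at most 64 characters. Periods, colons,
# slashes, angle brackets, digits and CR/LF are all rejected, so neither a
# URL, a bare domain, markup nor an extra header line fits in the field.
MAX_NAME_LEN = 64
ALLOWED_PUNCT = set(" '-")


def validate_first_name(raw: str) -> str:
    """Return the normalized name, or raise ValueError if it is not a name."""
    # NFKC folds look-alike forms (e.g. fullwidth '.') before checking.
    name = unicodedata.normalize("NFKC", raw).strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("name length out of range")
    for ch in name:
        cat = unicodedata.category(ch)
        if not (cat.startswith(("L", "M")) or ch in ALLOWED_PUNCT):
            raise ValueError(f"character not allowed in name: {ch!r}")
    return name


def build_welcome(to_addr: str, raw_first_name: str) -> EmailMessage:
    """Build the confirmation mail; the name is validated, then escaped."""
    name = validate_first_name(raw_first_name)
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "Your trial request"  # fixed text, no user input
    msg.set_content(f"Hello {name},\n\nThanks for signing up.")
    # Escape again for the HTML part: defence in depth if the policy loosens.
    msg.add_alternative(
        f"<p>Hello {html.escape(name)},</p><p>Thanks for signing up.</p>",
        subtype="html",
    )
    return msg
```

Validation limits what an unverified submitter can place in the message; it does not stop the form from mailing an address the submitter does not own.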