Description
An HTML form was found on this page that looks susceptible to spam attacks. The form has a hidden input field with an email address as its value. This usually indicates that the recipient of an email-sending form is hardcoded in a hidden input field. If that is the case, malicious users can send email messages through your server without authorization by changing the input value. A malicious spammer could use this tactic to send large numbers of messages anonymously.
Remediation
The recipient of an email-sending form should not be hardcoded in a hidden input value, because hidden inputs are controlled by the client. The value should be set on the server side.
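The following added example (not part of the original advisory) shows the flagged pattern beside a server-side fix. The field names `recipient`, `form_id` and `message`, the addresses, and the `RECIPIENTS` mapping are assumptions made for illustration; the POST body is constructed sample input.

```python
from email.message import EmailMessage
from urllib.parse import parse_qs

# Server-side configuration (assumed): form identifier -> fixed recipient.
RECIPIENTS = {"contact": "support@example.com", "sales": "sales@example.com"}
SENDER = "webform@example.com"

# Constructed POST body in which the hidden "recipient" value has been changed.
TAMPERED = "form_id=contact&recipient=someone%40elsewhere.example&message=hello"


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body, first value per field."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def _message(to_addr: str, text: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = to_addr
    msg["Subject"] = "Contact form"
    msg.set_content(text)
    return msg


def build_vulnerable(body: str) -> EmailMessage:
    """Flagged pattern: the recipient is read from the hidden input."""
    form = parse_form(body)
    return _message(form["recipient"], form.get("message", ""))  # client-controlled


def build_hardened(body: str) -> EmailMessage:
    """Fix: the client only names a form; the address comes from server config."""
    form = parse_form(body)
    form_id = form.get("form_id", "")
    if form_id not in RECIPIENTS:
        raise ValueError("unknown form identifier")
    # Any "recipient" field the client submitted is never read.
    return _message(RECIPIENTS[form_id], form.get("message", ""))


if __name__ == "__main__":
    print("vulnerable To:", build_vulnerable(TAMPERED)["To"])
    print("hardened   To:", build_hardened(TAMPERED)["To"])
```

The hardened handler also rejects form identifiers that are not in the server-side mapping, so the client cannot steer delivery to an address the server did not configure.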
Related Vulnerabilities
WordPress Improper Input Validation Vulnerability (CVE-2011-4957)
Jboss EAP Improper Input Validation Vulnerability (CVE-2016-3110)
Jboss EAP Improper Input Validation Vulnerability (CVE-2018-1000873)
phpBB Improper Input Validation Vulnerability (CVE-2019-9826)
Squid Improper Input Validation Vulnerability (CVE-2014-3609)