Description
The Action URL parameter for one HTML form on this page is directly controlled by user input. The Action parameter specifies the website to which the user-submitted information is sent. An attacker can supply a website they control as the form action and send the resulting malicious link to your users. Any user who clicks that link and submits the vulnerable form will send their information to the attacker.
Remediation
Your script should properly sanitize user input.
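One way to apply this remediation is sketched below as an added example (not code from the original page): the server validates the requested form action against its own origin before rendering the form. The host name, default path, and the function names `safe_form_action` and `render_login_form` are assumptions made for illustration.

```python
from html import escape
from urllib.parse import urlsplit

# Constructed values for illustration: the site's own host and fallback action.
ALLOWED_HOSTS = {"shop.example.com"}
DEFAULT_ACTION = "/account/login"


def safe_form_action(candidate, default=DEFAULT_ACTION):
    """Return candidate only if it keeps the form submission on our own site."""
    if not candidate:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/", so values such as
    # "/\host" can turn into a scheme-relative "//host". Reject backslashes,
    # whitespace and control characters outright.
    if any(ch == "\\" or ord(ch) < 0x21 for ch in candidate):
        return default
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a rooted path on the current origin.
        return candidate if candidate.startswith("/") else default
    # Absolute URL: require https, no userinfo, and an exact allowlisted host.
    if (parts.scheme == "https" and parts.username is None
            and parts.hostname in ALLOWED_HOSTS):
        return candidate
    return default  # covers "//other-host/...", other schemes, unknown hosts


def render_login_form(action_param):
    """Build the form with a validated, attribute-escaped action value."""
    action = escape(safe_form_action(action_param), quote=True)
    return (f'<form method="post" action="{action}">'
            '<input name="user"><input name="password" type="password">'
            '</form>')
```

Falling back to a fixed default rather than trying to repair a rejected value keeps the check simple and avoids parser differences between the server and the browser.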
Related Vulnerabilities
Squid Improper Input Validation Vulnerability (CVE-2014-7142)
TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509)
JBoss EAP Improper Input Validation Vulnerability (CVE-2013-2185)
Plone CMS Improper Input Validation Vulnerability (CVE-2011-4462)
Roundcube Improper Input Validation Vulnerability (CVE-2011-1492)