HackerOne: Lack of input sanitization in Marketo form leads to execution of HTML in lead emails

Hi, There is SSRF vulnerability due to img tag injection in "Contact HackerOne Sales" form. Since vulnerability triggers after 18-20 minutes so I am not sure which site it affects. It might affect hackerone or marketo. So I thought it would be better to report it first on hackerone. POC 1. Naviga...