Starbucks: Host header injection/redirection via newsletter signup

Good evening, There's a host header injection vulnerability via all newsletter signups in the referrer attribute. This works with all pages that have "Join our email list" signup boxes. Since the referrer attribute can be changed to an outside domain the email being received redirects all links...