| Title | GitHub OpnForm 1.9.3 Cross Site Scripting |
|---|
| Description | Title: Unauthenticated Stored XSS on Form Text Input in v1.9.3
Description: XSS is possible on form input under the Text Input Block which allows an unauthenticated attacker that knows the form URL to submit arbitrary JS. An authenticated victim would have to view the form submission under the /show/submissions endpoint to trigger the malicious JS.
The vulnerability has been confirmed by the vendor to have been patched in the v1.9.3 main branch with commit a2af1184e53953afa8cb052f4055f288adcaa608.
Please see the attached Google Doc link for more information under 1. Unauthenticated Stored XSS on Form Text Input and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: https://github.com/JhumanJ/OpnForm/pull/900/commits/a2af1184e53953afa8cb052f4055f288adcaa608 |
|---|
| Source | https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?usp=sharing |
|---|
| User | balejin (UID 89385) |
|---|
| Submission | 01/10/2025 08:52 PM (9 months ago) |
|---|
| Moderation | 07/10/2025 03:17 PM (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 327372 [JhumanJ OpnForm up to 1.9.3 /show/submissions cross site scripting] |
|---|
| Points | 20 |
|---|