| Title | GitHub OpnForm 1.9.3 Cross-Site Request Forgery |
|---|
| Description | Title: Cross-Site Request Forgery on all API endpoints<br>Description: CSRF attacks are possible on all API endpoints. An attacker would require a valid token in order to conduct the attack. Although this vulnerability appears to be benign due to requiring a valid JWT for authentication, it can be executed in a chain with the aforementioned XSS vulnerabilities.<br>Please see the attached Google Doc link for more information under 4. Cross-Site Request Forgery on all API endpoints and the Response from the Vendor section for more detail.<br>Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3<br>Patched Commit: N/A |
|---|
| Source | https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.w5b1nllxwvdq |
|---|
| User | balejin (UID 89385) |
|---|
| Submission | 01.10.2025 21:12 (9 months ago) |
|---|
| Moderation | 07.10.2025 15:17 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 327379 [JhumanJ OpnForm up to 1.9.3 API Endpoint Cross Site Request Forgery] |
|---|
| Points | 20 |
|---|