| Titolo | GitHub OpnForm 1.9.3 Cross-Site Request Forgery |
|---|
| Descrizione | Title: Cross-Site Request Forgery on all API endpoints
Description: CSRF attacks are possible on all API endpoints. An attacker would require a valid token in order to conduct the attack. Although this vulnerability appears to be benign due to requiring a valid JWT for authentication, it can be executed in a chain with the aforementioned XSS vulnerabilities.
Please see the attached Google Doc link for more information under 4. Cross-Site Request Forgery on all API endpoints and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: N/A |
|---|
| Fonte | ⚠️ https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.w5b1nllxwvdq |
|---|
| Utente | balejin (UID 89385) |
|---|
| Sottomissione | 01/10/2025 21:12 (9 mesi fa) |
|---|
| Moderazione | 07/10/2025 15:17 (6 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 327379 [JhumanJ OpnForm fino a 1.9.3 API Endpoint cross site request forgery] |
|---|
| Punti | 20 |
|---|