| タイトル | GitHub OpnForm 1.9.3 Cross Site Scripting |
|---|
| 説明 | Title: Unauthenticated Stored XSS on Form Text Input in v1.9.3
Description: XSS is possible on form input under the Text Input Block which allows an unauthenticated attacker that knows the form URL to submit arbitrary JS. An authenticated victim would have to view the form submission under /show/submissions endpoint to trigger the malicious JS.
The vulnerability has confirmed by the vendor to have been patched in v1.9.3 main branch with commit a2af1184e53953afa8cb052f4055f288adcaa608.
Please see the attached Google Doc link for more information under 1. Unauthenticated Stored XSS on Form Text Input and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: https://github.com/JhumanJ/OpnForm/pull/900/commits/a2af1184e53953afa8cb052f4055f288adcaa608 |
|---|
| ソース | ⚠️ https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?usp=sharing |
|---|
| ユーザー | balejin (UID 89385) |
|---|
| 送信 | 2025年10月01日 20:52 (9 月 ago) |
|---|
| モデレーション | 2025年10月07日 15:17 (6 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 327372 [JhumanJ OpnForm 迄 1.9.3 /show/submissions クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|