| 제목 | GitHub OpnForm 1.9.3 Cross-Site Request Forgery |
|---|
| 설명 | Title: Cross-Site Request Forgery on all API endpoints
Description: CSRF attacks are possible on all API endpoints. An attacker would require a valid token in order to conduct the attack. Although this vulnerability appears to be benign due to requiring a valid JWT for authentication, it can be executed in a chain with the aforementioned XSS vulnerabilities.
Please see the attached Google Doc link for more information under 4. Cross-Site Request Forgery on all API endpoints and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: N/A |
|---|
| 원천 | ⚠️ https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.w5b1nllxwvdq |
|---|
| 사용자 | balejin (UID 89385) |
|---|
| 제출 | 2025. 10. 01. PM 09:12 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 07. PM 03:17 (6 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 327379 [JhumanJ OpnForm 까지 1.9.3 API Endpoint 교차 사이트 요청 위조] |
|---|
| 포인트들 | 20 |
|---|