| Название | GitHub OpnForm 1.9.3 Cross Site Scripting |
|---|
| Описание | Title: Unauthenticated Stored XSS on Form Text Input in v1.9.3
Description: XSS is possible on form input under the Text Input Block which allows an unauthenticated attacker that knows the form URL to submit arbitrary JS. An authenticated victim would have to view the form submission under /show/submissions endpoint to trigger the malicious JS.
The vulnerability has confirmed by the vendor to have been patched in v1.9.3 main branch with commit a2af1184e53953afa8cb052f4055f288adcaa608.
Please see the attached Google Doc link for more information under 1. Unauthenticated Stored XSS on Form Text Input and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: https://github.com/JhumanJ/OpnForm/pull/900/commits/a2af1184e53953afa8cb052f4055f288adcaa608 |
|---|
| Источник | ⚠️ https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?usp=sharing |
|---|
| Пользователь | balejin (UID 89385) |
|---|
| Представление | 01.10.2025 20:52 (9 месяцы назад) |
|---|
| Модерация | 07.10.2025 15:17 (6 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 327372 [JhumanJ OpnForm до 1.9.3 /show/submissions межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|