| Title | GitHub OpnForm 1.9.3 Unrestricted Upload |
|---|---|
| Description | Title: Unrestricted File Upload Allows Arbitrary Files to Execute Malicious Javascript<br>Description: Unrestricted file upload exists on the file upload and signature blocks that allow an attacker to upload HTML and SVG files containing malicious JS. The malicious JS is then executed when a victim opens the file in a new tab.<br>The vulnerability has been confirmed by the vendor to have been patched in v1.9.3 main branch with commit 95c3e23856465d202e6aec10bdb6ee0688b5305a.<br>Please see the attached Google Doc link for more information under 2. Unrestricted File Upload Allows Arbitrary Files to Execute Malicious JavaScript and the Response from the Vendor section for more detail.<br>Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3<br>Patched Commit: https://github.com/JhumanJ/OpnForm/pull/900/commits/95c3e23856465d202e6aec10bdb6ee0688b5305a |
| Source | https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.dm5ttliupfqn |
| User | balejin (UID 89385) |
| Submission | 01/10/2025 20:54 (9 months ago) |
| Moderation | 07/10/2025 15:17 (6 days later) |
| Status | accepted |
| VulDB entry | 327373 [JhumanJ OpnForm up to 1.9.3 /answer privilege escalation] |
| Points | 20 |