Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Redirect in open-forms
Vulnerability Description
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds avaialble.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
Open Forms 输入验证错误漏洞
Vulnerability Description
Open Forms是Open Formulieren开源的一种智能动态表格。用于快速创建通过 API 公开的强大而智能的表单。 Open Forms 1.0.9之前版本、1.1.1之前版本存在安全漏洞。攻击者利用该漏洞通过注入一个 `referer` 查询字符串参数将用户重定向到他们控制的网站。
CVSS Information
N/A
Vulnerability Type
N/A