JhumanJ OpnForm Form Editor forms cross site scripting

A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. This issue is currently under review for additional handling. As of right now the vendor has stated that the feature is disabled until the user has configured their own domain which will mitigate this attack vector.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

OpnForm 代码注入漏洞

OpnForm是Julien Nahum个人开发者的一个表单生成器。 OpnForm 1.9.3及之前版本存在代码注入漏洞，该漏洞源于对文件/api/open/forms中组件Form Editor的错误操作，可能导致跨站脚本攻击。

N/A

N/A