HIGH🇬🇧 English

CVE-2022-31040

CVSS 7.1v3.1pub. 2022-06-13upd. 2024-11-21

Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds avaialble.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
  • Maykinmedia Open Forms

    APP
    Maykinmedia
    1.10< 1.0.9
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-24771HIGH7.7ten sam produkt

Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 conta...

CVE-2022-31041HIGH7.6ten sam produkt

Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one ...

CVE-2026-28803MEDIUM6.5ten sam produkt

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the c...

CVE-2025-64515MEDIUM4.3ten sam produkt

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the pre...