MEDIUM🇬🇧 English

CVE-2026-28803

CVSS 6.5v3.1pub. 2026-03-11upd. 2026-03-17

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned. Attackers can guess a code or modify the received code to look up arbitrary submissions, after logging in (with DigiD/eHerkenning/... depending on form configuration). This vulnerability is fixed in 3.3.13 and 3.4.5.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Maykinmedia Open Forms

    APP
    Maykinmedia
    < 3.3.133.4.0 – 3.4.5 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-24771HIGH7.7ten sam produkt

Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 conta...

CVE-2022-31040HIGH7.1ten sam produkt

Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the c...

CVE-2022-31041HIGH7.6ten sam produkt

Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one ...

CVE-2025-64515MEDIUM4.3ten sam produkt

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the pre...