Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned. Attackers can guess a code or modify the received code to look up arbitrary submissions, after logging in (with DigiD/eHerkenning/... depending on form configuration). This vulnerability is fixed in 3.3.13 and 3.4.5.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NMaykinmedia Open Forms
APPMaykinmedia< 3.3.133.4.0 – 3.4.5 (bez)
Powiązane podatności
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 conta...
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the c...
Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one ...
Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the pre...