HIGH🇵🇱 Wersja polska

CVE-2022-31040

CVSS 7.1v3.1pub. 2022-06-13upd. 2024-11-21

Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds avaialble.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
  • Maykinmedia Open Forms

    APP
    Maykinmedia
    1.10< 1.0.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-24771HIGH7.7ten sam produkt

Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 conta...

CVE-2022-31041HIGH7.6ten sam produkt

Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one ...

CVE-2026-28803MEDIUM6.5ten sam produkt

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the c...

CVE-2025-64515MEDIUM4.3ten sam produkt

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the pre...