MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2025-64515

CVSS 4.3v3.1pub. 2025-11-18upd. 2025-12-02

Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields are marked as readonly and cannot be modified through the user interface. This issue has been patched in versions 3.2.7 and 3.3.3.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • Maykinmedia Open Forms

    APP
    Maykinmedia
    < 3.2.73.3.0 – 3.3.3 (bez)
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-24771HIGH7.7ten sam produkt

Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 conta...

CVE-2022-31040HIGH7.1ten sam produkt

Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the c...

CVE-2022-31041HIGH7.6ten sam produkt

Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one ...

CVE-2026-28803MEDIUM6.5ten sam produkt

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the c...

CVE-2025-64515 β€” Maykinmedia β€” Open Forms β€” MEDIUM β€” CVSS 4.3 | CVEbaza.pl