CVE-2025-64515
- EPSS 0.07%
- Veröffentlicht 18.11.2025 22:39:48
- Zuletzt bearbeitet 02.12.2025 20:39:24
Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not ...
CVE-2024-24771
- EPSS 0.1%
- Veröffentlicht 07.02.2024 15:15:08
- Zuletzt bearbeitet 21.11.2024 08:59:40
Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could pot...
CVE-2022-31041
- EPSS 0.19%
- Veröffentlicht 13.06.2022 13:15:13
- Zuletzt bearbeitet 21.11.2024 07:03:46
Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / E...
CVE-2022-31040
- EPSS 0.28%
- Veröffentlicht 13.06.2022 12:15:08
- Zuletzt bearbeitet 21.11.2024 07:03:46
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value....