Opnform
Monthly
OpnForm versions up to 1.9.3 expose sensitive information through a timing-based discrepancy in the forgotten password handler endpoint (/api/password/email), allowing remote unauthenticated attackers to enumerate valid email addresses or extract partial account information with high attack complexity. The vulnerability is rooted in a Laravel framework issue (Laravel #46465) for which the vendor has taken no mitigation action. Publicly available exploit code exists, though EPSS scoring (0.04%) indicates low real-world exploitation likelihood despite theoretical exploitability.
OpnForm up to version 1.9.3 contains a cross-site request forgery vulnerability in an undisclosed API endpoint, though the practical exploitability is severely constrained by the vendor's mandatory use of JWT Bearer token authentication. The vulnerability requires an attacker to first obtain a valid JWT token through a separate XSS attack, which the vendor states has been mitigated in the product, making the CSRF itself a secondary concern rather than an independent attack vector. Publicly available exploit code exists, but real-world impact is minimal given the authentication and XSS mitigation barriers.
OpnForm versions up to 1.9.3 fail to properly restrict excessive authentication attempts when the X-Forwarded-For HTTP header is manipulated, allowing remote attackers to bypass rate-limiting controls. An attacker can exploit this by spoofing their source IP address through header manipulation to conduct brute-force attacks against user credentials without triggering account lockout mechanisms. Publicly available exploit code exists; however, the CVSS score of 2.9 and EPSS percentile of 35% indicate low real-world exploitation likelihood despite the public POC, suggesting this requires specific application configurations or deployment contexts to be practically exploitable.
Improper access controls in OpnForm versions up to 1.9.3 allow authenticated remote attackers to manipulate the /edit function, gaining unauthorized access to resources or functionality. The CVSS score of 2.1 reflects low severity due to authentication requirements and limited confidentiality impact, though the exploit has been publicly disclosed and an upstream patch is available. Real-world risk is minimal given the low EPSS score (0.03%, 8th percentile) despite public POC availability.
Missing authorization in OpnForm up to version 1.9.3 allows authenticated remote attackers to manipulate the /show/integrations endpoint, bypassing access controls and potentially exposing integration configurations with limited confidentiality impact. The vulnerability requires low-privilege authentication (PR:L per CVSS 4.0 vector), limiting its severity despite public exploit availability; EPSS score of 0.03% indicates minimal real-world exploitation likelihood despite POC publication.
Missing authorization in OpnForm up to version 1.9.3 allows authenticated remote attackers to access the /custom-domains API endpoint without proper permission checks, potentially enabling unauthorized configuration changes. The vulnerability affects unknown code handling custom domain management and is confirmed to have publicly available exploit code, though with a low CVSS score (2.1) and minimal exploitation probability (EPSS 0.04%), indicating limited real-world risk despite the authentication bypass nature.
Cross-site scripting vulnerability in JhumanJ OpnForm up to version 1.9.3 allows authenticated remote attackers with high privileges to inject malicious scripts via the Form Editor component at /api/open/forms/. The vulnerability requires user interaction to trigger and is mitigated by default when users configure their own domain. Publicly available exploit code exists, though real-world risk is severely constrained by the high privilege requirement, user interaction dependency, and vendor's default mitigation posture (CVSS 1.9, EPSS 0.03%).
Unrestricted file upload in JhumanJ OpnForm through version 1.9.3 allows authenticated users to bypass upload restrictions via the /answer endpoint, resulting in unauthorized file storage with limited confidentiality and integrity impact. The vulnerability requires valid authentication and has a publicly available exploit with low real-world exploitation probability (EPSS 0.05%), but the combination of low CVSS (2.1), authentication requirement, and limited impact suggests this is not a critical priority despite public exploit availability.
Stored cross-site scripting (XSS) in JhumanJ OpnForm up to version 1.9.3 allows remote attackers to inject malicious scripts via the /show/submissions endpoint, affecting all users who view affected submissions. The vulnerability requires user interaction (UI:P) to trigger but carries low integrity impact (VI:L). Public exploit code exists, and a patch has been released; however, the CVSS 2.1 score and 0.05% EPSS percentile indicate limited real-world exploitation despite public disclosure.
OpnForm versions up to 1.9.3 expose sensitive information through a timing-based discrepancy in the forgotten password handler endpoint (/api/password/email), allowing remote unauthenticated attackers to enumerate valid email addresses or extract partial account information with high attack complexity. The vulnerability is rooted in a Laravel framework issue (Laravel #46465) for which the vendor has taken no mitigation action. Publicly available exploit code exists, though EPSS scoring (0.04%) indicates low real-world exploitation likelihood despite theoretical exploitability.
OpnForm up to version 1.9.3 contains a cross-site request forgery vulnerability in an undisclosed API endpoint, though the practical exploitability is severely constrained by the vendor's mandatory use of JWT Bearer token authentication. The vulnerability requires an attacker to first obtain a valid JWT token through a separate XSS attack, which the vendor states has been mitigated in the product, making the CSRF itself a secondary concern rather than an independent attack vector. Publicly available exploit code exists, but real-world impact is minimal given the authentication and XSS mitigation barriers.
OpnForm versions up to 1.9.3 fail to properly restrict excessive authentication attempts when the X-Forwarded-For HTTP header is manipulated, allowing remote attackers to bypass rate-limiting controls. An attacker can exploit this by spoofing their source IP address through header manipulation to conduct brute-force attacks against user credentials without triggering account lockout mechanisms. Publicly available exploit code exists; however, the CVSS score of 2.9 and EPSS percentile of 35% indicate low real-world exploitation likelihood despite the public POC, suggesting this requires specific application configurations or deployment contexts to be practically exploitable.
Improper access controls in OpnForm versions up to 1.9.3 allow authenticated remote attackers to manipulate the /edit function, gaining unauthorized access to resources or functionality. The CVSS score of 2.1 reflects low severity due to authentication requirements and limited confidentiality impact, though the exploit has been publicly disclosed and an upstream patch is available. Real-world risk is minimal given the low EPSS score (0.03%, 8th percentile) despite public POC availability.
Missing authorization in OpnForm up to version 1.9.3 allows authenticated remote attackers to manipulate the /show/integrations endpoint, bypassing access controls and potentially exposing integration configurations with limited confidentiality impact. The vulnerability requires low-privilege authentication (PR:L per CVSS 4.0 vector), limiting its severity despite public exploit availability; EPSS score of 0.03% indicates minimal real-world exploitation likelihood despite POC publication.
Missing authorization in OpnForm up to version 1.9.3 allows authenticated remote attackers to access the /custom-domains API endpoint without proper permission checks, potentially enabling unauthorized configuration changes. The vulnerability affects unknown code handling custom domain management and is confirmed to have publicly available exploit code, though with a low CVSS score (2.1) and minimal exploitation probability (EPSS 0.04%), indicating limited real-world risk despite the authentication bypass nature.
Cross-site scripting vulnerability in JhumanJ OpnForm up to version 1.9.3 allows authenticated remote attackers with high privileges to inject malicious scripts via the Form Editor component at /api/open/forms/. The vulnerability requires user interaction to trigger and is mitigated by default when users configure their own domain. Publicly available exploit code exists, though real-world risk is severely constrained by the high privilege requirement, user interaction dependency, and vendor's default mitigation posture (CVSS 1.9, EPSS 0.03%).
Unrestricted file upload in JhumanJ OpnForm through version 1.9.3 allows authenticated users to bypass upload restrictions via the /answer endpoint, resulting in unauthorized file storage with limited confidentiality and integrity impact. The vulnerability requires valid authentication and has a publicly available exploit with low real-world exploitation probability (EPSS 0.05%), but the combination of low CVSS (2.1), authentication requirement, and limited impact suggests this is not a critical priority despite public exploit availability.
Stored cross-site scripting (XSS) in JhumanJ OpnForm up to version 1.9.3 allows remote attackers to inject malicious scripts via the /show/submissions endpoint, affecting all users who view affected submissions. The vulnerability requires user interaction (UI:P) to trigger but carries low integrity impact (VI:L). Public exploit code exists, and a patch has been released; however, the CVSS 2.1 score and 0.05% EPSS percentile indicate limited real-world exploitation despite public disclosure.