3 matches found
CVE-2018-9920
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https:///Identity/STS/Forms/Scripts URL...
CVE-2018-9920
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https:///Identity/STS/Forms/Scripts URL...
CVE-2018-9920
K2 Smartforms 4.6.11 is affected by a server-side request forgery (SSRF) vulnerability. The issue arises in the runtime application when a modified hostname in the URL https://*/Identity/STS/Forms/Scripts allows an attacker to redirect the application to an external domain, manipulating data rend...