Lucene search
K
JhumanjOpnform

9 matches found

CVE
CVE
added 2025/10/08 5:32 a.m.21 views

CVE-2025-11436

CVE-2025-11436 affects JhumanJ OpnForm up to version 1.9.3, where an unrestricted upload vulnerability exists in the /answer functionality. This allows remote attackers to upload arbitrary files, with the attack vector described as NETWORK and the impact including potential compromise of confiden...

8.8CVSS6.5AI score0.00348EPSS
CVE
CVE
added 2025/10/08 5:32 a.m.18 views

CVE-2025-11435

The CVE-2025-11435 issue affects JhumanJ OpnForm up to version 1.9.3. A cross-site scripting vulnerability exists in an unknown functionality of the file /show/submissions. The attack can be initiated remotely and the exploit has been publicly disclosed. A patch is identified by the patch ID a2af...

6.1CVSS5.5AI score0.00364EPSS
CVE
CVE
added 2025/10/08 7:2 a.m.18 views

CVE-2025-11440

JhumanJ OpnForm up to version 1.9.3 is affected by a vulnerability in an unknown function at the /edit endpoint that can lead to improper access controls. The issue is exploitable remotely and has publicly disclosed exploits. A patch is available: b15e29021d326be127193a5dbbd528c4e37e6324. Apply t...

5.3CVSS6.4AI score0.00325EPSS
CVE
CVE
added 2025/10/08 7:2 a.m.18 views

CVE-2025-11441

The CVE-2025-11441 entry affects JhumanJ OpnForm (up to v1.9.3). The vulnerability lies in the HTTP Header Handler component, where manipulating the X-Forwarded-For parameter can lead to improper restriction of excessive authentication attempts. Impact is remote, with network attack vector, high ...

6.3CVSS6.5AI score0.00618EPSS
CVE
CVE
added 2025/10/08 7:32 a.m.18 views

CVE-2025-11443

CVE-2025-11443 affects JhumanJ OpnForm up to v1.9.3. The issue lies in the Forgotten Password Handler’s /api/password/email function, enabling information exposure via discrepancy. The attack can be initiated remotely with high complexity; exploit is publicly available. The vulnerability is linke...

6.3CVSS6.1AI score0.00522EPSS
Web
CVE
CVE
added 2025/10/08 6:32 a.m.17 views

CVE-2025-11438

Summary of CVE-2025-11438 (JhumanJ OpnForm) : Affects OpnForm up to 1.9.3. The vulnerability is a missing authorization check in the API endpoint component, specifically in the /custom-domains file/endpoint, allowing unauthorized manipulation of custom-domain settings. Exploitation is possible re...

6.5CVSS6.3AI score0.00295EPSS
CVE
CVE
added 2025/10/08 7:32 a.m.17 views

CVE-2025-11442

CVE-2025-11442 affects JhumanJ OpnForm up to version 1.9.3. The vulnerability is a CSRF in an API Endpoint, with remote attack potential. The vendor notes that API calls require Authorization Bearer Tokens, which mitigates classic CSRF, but exploitation could occur if an attacker obtains a JWT vi...

5.3CVSS5.7AI score0.00292EPSS
CVE
CVE
added 2025/10/08 6:2 a.m.15 views

CVE-2025-11437

CVE-2025-11437 affects JhumanJ OpnForm ≤1.9.3, specifically the Form Editor’s /api/open/forms component. The issue enables cross-site scripting via that file, with remote initiation possible. Exploitation has been published and may be used in the wild. The vendor states the vulnerable feature is ...

4.8CVSS5.2AI score0.00272EPSS
CVE
CVE
added 2025/10/08 6:32 a.m.14 views

CVE-2025-11439

CVE-2025-11439 targets JhumanJ OpnForm before or up to 1.9.3. Affected component is the file handling path /show/integrations, where manipulation can bypass authorization, enabling remote exploitation. Public exploit appears available. The known fix/patch is identified as 11d97d78f2de2cb49f79baed...

5.3CVSS4.6AI score0.00325EPSS