CVE-2018-9920

K2 Smartforms 4.6.11 is affected by a server-side request forgery (SSRF) vulnerability. The issue arises in the runtime application when a modified hostname in the URL https://*/Identity/STS/Forms/Scripts allows an attacker to redirect the application to an external domain, manipulating data rend...