Open Redirect in Open-formulieren Open-forms
CVE-2022-31040
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate…
Vulnerability class: Open Redirect
EPSS: 0.003 (51.2th percentile)
CVSS v3 metric
CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N.
Affected products
- Open-formulieren Open-forms: versions < 1.0.9, and versions >= 1.1.0-rc0 but < 1.1.1
Weakness classification (CWE)
References
- github.com/open-formulieren/open-forms/security/advisories/GHSA-c97h-m5qf-j8mf (x_refsource_CONFIRM)
- github.com/open-formulieren/open-forms/commit/3e8c9cce386e548765783354694fbb9d7… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-31040?
  CVE-2022-31040 is a high-severity vulnerability in Open-formulieren Open-forms, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 7.1/10. Published 2022-06-13.
- How severe is CVE-2022-31040?
  High severity. CVSS v3 base score is 7.1 out of 10.