VYPR

Open Forms

by Open Forms

CVEs (4)

  • CVE-2024-24771HigFeb 7, 2024
    risk 0.50cvss 7.7epss 0.01

    Open Forms allows users create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the…

  • CVE-2025-64515Nov 18, 2025
    risk 0.00cvss epss 0.00

    Open Forms allows users create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular…

  • CVE-2022-31041HigJun 13, 2022
    risk 0.00cvss 7.6epss 0.01

    Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input…

  • CVE-2022-31040HigJun 13, 2022
    risk 0.00cvss 7.1epss 0.01

    Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to…