Server Side Request Forgery in K2 SmartForms 4.6.11 via Modified Hostname in Identity STS Forms Scripts URL
CVE-2018-9920 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:P/A:N
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
Learn more about our Web Application Penetration Testing UK.