Server Side Request Forgery in K2 SmartForms 4.6.11 via Modified Hostname in Identity STS Forms Scripts URL

CVE-2018-9920 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Server-side request forgery (SSRF) exists in the runtime application in K2 SmartForms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
