Description
A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. It affects unknown code of the file /custom-domains in the API Endpoint component. The manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as beb153ce52dceb971c1518f98333328c95f1ba20. Applying the patch is the recommended way to resolve this issue.
References (5)
Core References
Third Party Advisory, VDB Entry (vdb-entry): https://vuldb.com/?id.327375
Permissions Required, VDB Entry (signature, permissions-required): https://vuldb.com/?ctiid.327375
Third Party Advisory, VDB Entry (third-party-advisory): https://vuldb.com/?submit.666879
Exploit, Third Party Advisory (exploit): https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.gm61tyll8uys
Patch (issue-tracking, patch): https://github.com/JhumanJ/OpnForm/pull/900/commits/beb153ce52dceb971c1518f98333328c95f1ba20
Scores
CVSS v3: 6.3
EPSS: 0.0029
EPSS Percentile: 20.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-862, CWE-863
Status: published
Products (1): jhumanj/opnform < 1.9.3
Published: Oct 08, 2025
Tracked Since: Feb 18, 2026