2018-05-24 15:29:01 2019-02-27 21:41:42

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE