01642 06 11 11 Arrange Call

Server Side Request Forgery in K2 SmartForms 4.6.11 via Modified Hostname in Identity STS Forms Scripts URL

CVE-2018-9920 · MEDIUM

CVE-2018-9920

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.

Learn more about our Web Application Penetration Testing UK.