CVE-2021-20105

Name of the Vulnerable Software and Affected Versions Machform versions prior to 16

Description The issue is related to an open redirect vulnerability in the Safari init.php file of the Machform form creation editor. This vulnerability is caused by the improper sanitization of the ref parameter. Exploitation of this issue could allow a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations For versions prior to 16, update to version 16 or later to resolve the issue. As a temporary workaround, consider restricting access to the Safari init.php file or sanitizing the ref parameter to minimize the risk of exploitation.