PT-2025-41238 · Unknown · Jhumanj Opnform

Balejin · Published 2025-10-08 · Updated 2025-10-08 · CVE-2025-11442

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

JhumanJ OpnForm versions up to 1.9.3

Description

A security flaw exists in JhumanJ OpnForm. The issue involves an unknown function within the component's API Endpoint and can lead to cross-site request forgery. The attack can be initiated remotely. While the vendor indicates API calls require authentication via Authorization Bearer Tokens, mitigating classic CSRF attacks, an attacker could exploit the flaw if they obtain the JWT through other means, such as cross-site scripting (XSS). The exploit has been publicly released.

Recommendations

Versions prior to 1.9.3 should be used.

Exploit

Fix

Missing Authorization

CSRF

Weakness Enumeration

Related Identifiers

CVE-2025-11442

Affected Products

Jhumanj Opnform