CVE-2025-11435

Source
https://cve.org/CVERecord?id=CVE-2025-11435
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11435.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11435
Published
2025-10-08T05:32:08.513Z
Modified
2026-07-08T07:34:19.895698149Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
JhumanJ OpnForm submissions cross site scripting
Details

A security vulnerability has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The identifier of the patch is a2af1184e53953afa8cb052f4055f288adcaa608. To fix this issue, it is recommended to deploy a patch.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11435.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-79",
        "CWE-94"
    ]
}
References

Affected packages

Git / github.com/OpnForm/OpnForm

Affected ranges

Type
GIT
Repo
https://github.com/OpnForm/OpnForm
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "1.9.0"
        },
        {
            "last_affected": "1.9.0"
        },
        {
            "introduced": "1.9.1"
        },
        {
            "last_affected": "1.9.1"
        },
        {
            "introduced": "1.9.2"
        },
        {
            "last_affected": "1.9.2"
        },
        {
            "introduced": "1.9.3"
        },
        {
            "last_affected": "1.9.3"
        }
    ]
}

Affected versions

1.*
1.9.0
1.9.1
1.9.2
1.9.3
v1.*
v1.9.0
v1.9.1
v1.9.2
v1.9.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11435.json"