CVE-2025-11435

LOW EPSS 27.5%
Published Oct 8, 20258mo ago · Modified Jun 17, 20261w ago
2.1 CVSS 4.0
Low
Find Similar
Published Oct 8, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

A security vulnerability has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The identifier of the patch is a2af1184e53953afa8cb052f4055f288adcaa608. To fix this issue, it is recommended to deploy a patch.

CVSS Details

Base Score
2.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
27.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection
CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 1

VendorProductVersionRange
jhumanjopnform* ≤1.9.3

References 5

  • docs.google.com https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?usp=sharing
    ExploitThird Party Advisory
  • github.com https://github.com/JhumanJ/OpnForm/pull/900/commits/a2af1184e53953afa8cb052f4055f288adcaa608
    Patch
  • vuldb.com https://vuldb.com/?ctiid.327372
    Permissions RequiredVDB Entry
  • vuldb.com https://vuldb.com/?id.327372
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.666876
    Third Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/JhumanJ/OpnForm/pull/900/commits/a2af1184e53953afa8cb052f4055f288adcaa608
    Patch