Vulnerabilities > K2 > Smartforms

DATE CVE VULNERABILITY TITLE RISK
2018-05-24 CVE-2018-9920 Server-Side Request Forgery (SSRF) vulnerability in K2 Smartforms 4.6.11
Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL.
network
low complexity
k2 CWE-918
6.4