1. Open-Redirect Risk in Form Handler: Admin-Configured Redirects Can Be Weaponized via User-Controlled Merge Tags
A critical open-redirect vulnerability has been identified in a form submission handler, where admin-configured redirect URLs can be hijacked by end-users. The flaw stems from the system's `renderMergeTags` function, which expands merge tags like `{{fieldId}}` within the `form.settings.redirectUrl` property. This funct...
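The pattern described above, shown beside a hardened form, as an added example that is not the project's own code: `expandRaw`, `expandRedirect`, `BASE` and the sample submission are hypothetical names and constructed values, and the assumption is that merge tags use the `{{fieldId}}` syntax named on this page.

```javascript
// Added illustration, not the project's code. BASE, expandRaw and
// expandRedirect are hypothetical names; the sample values are constructed.
const BASE = "https://forms.example.test"; // assumed origin of the form site
const TAG = /\{\{\s*([\w-]+)\s*\}\}/g;     // matches {{fieldId}}

// Risky pattern: raw submitted values are spliced into the redirect template.
function expandRaw(template, values) {
  return template.replace(TAG, (_, id) => String(values[id] ?? ""));
}

// Hardened pattern: encode each value, then require that the expanded URL
// keeps the origin the admin configured and uses http(s).
function expandRedirect(template, values, fallback = "/") {
  try {
    const expected = new URL(template.replace(TAG, ""), BASE).origin;
    const expanded = template.replace(TAG, (_, id) =>
      encodeURIComponent(String(values[id] ?? "")));
    const url = new URL(expanded, BASE);
    if (url.origin !== expected) return fallback;         // host was altered
    if (!/^https?:$/.test(url.protocol)) return fallback; // e.g. javascript:
    return url.href;
  } catch {
    return fallback; // unparseable template or result
  }
}

// Constructed submission: the "next" field holds an off-site URL.
const submission = { next: "https://attacker.example/login", name: "Ada Lovelace" };

function demo() {
  return {
    raw: expandRaw("{{next}}", submission),
    hardened: expandRedirect("{{next}}", submission),
    query: expandRedirect("https://shop.example.test/thanks?name={{name}}", submission),
  };
}
console.log(demo());
```

The origin comparison is needed in addition to encoding, because a tag placed directly after the host in a template can change the host even when the submitted value is percent-encoded.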