Issue #2504141 by alexpott, tim.plunkett, larowlan, David_Rothstein, dawehner: Information disclosure/open redirect vulnerability via blocks that contain a form