Client had an event over a couple of hours of getting blank form submissions.
They had hit most of their forms on the site - weird thing is we have Recaptcha v3 on the forms and required fields.
I assume Umbraco forms re-checks for mandatory fields server side - so I’m at a loss to explain how these are getting into the entries and being stored.
Is anyone else seeing an attack like this - perhaps there’s a new vulnerability in forms or someone has found something in a custom bit of code we’ve got that is breaking the serverside checks?
Could it be sanitised submissions. So there is content in the forms, then script tags and containing script is being stripped but still stored in the Umbraco Forms entries table?
It’s about the only thing I can think of that can explain how it’s bypassing the required flags and passing the validation front end back end!?
I hope the required validation has been applied to the fields in Umbraco Forms backoffice, and if the issue is still happening, maybe adjusting the Recaptcha v3 score threshold could help resolve it!
Did you ever work out what was causing your empty submissions?
We’re having the same problem with one of our forms and are currently stumped as to what’s causing it. The form in question has mandatory fields and a reCAPTCHA v2 checkbox, yet the submission emails and backoffice entries are empty.
Even more strange is that we have over 50 forms across various websites, and no other business has reported this issue, so it seems to be isolated to one form for us (as far as we’re aware).
We’re on Umbraco v13.9.2 running Umbraco Forms v13.5.0.
Sorry for the delay in getting back to you. From memory it was linked to forms that had conditional fields (e.g. if yes ./ no = yes show this section).
I think I spotted it broke the front end validation in some way. My memory is screwed but I suspect I added some custom script. I’ll have a dig in the repo and see if I can find it.
My emails at the time were:
”The blank issue not being blocked on the front end is an Umbraco forms bug where the validation is seemingly bypassed if you use conditional fields.”
The fix I put it was to do with a custom workflow - basically dropping blank submissions so their CRM didn’t fill up / error.
I never looked at the Umbraco forms issue and certainly didn’t raise a bug but I suspect there’s an issue in the validation. If you can recreate it and raise an issue I’m sure it will get fixed.
