The flaw existed in Typeform’s Zendesk Sell app integration could let attackers quietly redirect form submissions with potentially sensitive data to themselves. The vulnerability was discovered by a bug bounty hunter about six months ago and patched two months ago. Typeform confirmed that they had patched the flaw earlier in a statement. The fix to the vulnerability in this vulnerability was implemented in July 2020, a Typeform spokesperson told BleepingComputer. The fix is expected to be implemented by the platform in August 2020.
Source: https://www.bleepingcomputer.com/news/security/typeform-fixes-zendesk-sell-form-data-hijacking-vulnerability/