Vulnerability in EPiServer.Forms
The forms frontend js code submits a form via ajax if configured. It determines if the submission is successful by examining the body's json for the property IsSuccessful. However, the encoding is camelCase, so the property is instead named isSuccessful. As a result the success message is not shown.