Description

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.

Remediation

References

CVE-2016-8600

Related Vulnerabilities

WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-0213)

XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2022-24819)

OpenSSL Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-0778)

WordPress Plugin Tutor LMS Elementor Addons Cross-Site Scripting (2.1.3)

Severity

High

Classification

CVE-2016-8600 CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities