Posted by RedTeam Pentesting GmbH on Mar 22

Advisory: Cross-site Scripting in Securimage 3.6.2

RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Securimage CAPTCHA software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.

Details
=======
Product: Securimage
Affected Versions: >= 3.2RC1
Fixed Versions: 3.6.4
Vulnerability Type: Cross-site Scripting
Security Risk: high
Vendor URL: https://www.phpcaptcha.org/
Vendor Status:…