[RT-SA-2016-002] Cross-site Scripting in Securimage 3.6.2

Posted by RedTeam Pentesting GmbH on Mar 22

Advisory: Cross-site Scripting in Securimage 3.6.2

RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability
in the Securimage CAPTCHA software, which allows attackers to inject
arbitrary JavaScript code via a crafted URL.

Details
=======

Product: Securimage
Affected Versions: >= 3.2RC1
Fixed Versions: 3.6.4
Vulnerability Type: Cross-site Scripting
Security Risk: high
Vendor URL: https://www.phpcaptcha.org/
Vendor Status:…
