In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Dotcms |
Dotcms |
3.2.1 (including) |
3.2.1 (including) |
References