flask-session-captcha 代码问题漏洞

flask-session-captcha is a captcha implementation of flask by the individual developer Joakim Uddholm in Germany. A security vulnerability exists in versions of flask-session-captcha prior to 1.2.1, which stems from the fact that the captcha.validate function returns None if no value is passed, a...

CVE-2016-8600

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later...