Captcha Bypass on login

Description So if we login incorrectly multiple times, we get captcha. Each captcha has "captchaid" and solve "captchacode" For example: "captchacode":"8awt" "captchaid":"7nToXDrT6SkJ2BJxKG1u" You can use same captcha code and captcha id in login without any problem Captcha is generated with -...

XSS vulnerabilities in create/edit/copy page and blogpost actions

The following create/edit page URL's are vulnerable: - /pages/createpage.action - /pages/docreatepage.action - /pages/editpage.action - /pages/doeditepage.action on parentPageString, mode, labelsString, captchaId The following create/edit blogpost URL's are vulnerable: -...