5 matches found
CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template
Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...
CVE-2026-34206
Captcha Protect is a Traefik middleware that applies an anti-bot challenge per-subnet. Before v1.12.2, there is a reflected XSS in the challenge page where a client-supplied destination value is rendered with Go text/template (which lacks contextual HTML escaping). An attacker could craft a desti...
CVE-2026-34206 Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template
Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...
OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()
Summary An OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Details The vulnerability exists in...
GHSA-4QQC-MP5F-CCV4 Command Injection in bestzip
Versions of bestzip prior to 2.1.7 are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the zip function . This may allow attackers to execute arbitrary code in the system as long as the values of destination is user-controlled...