The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to TypoScript settings of the extension.
CPE | Name | Operator | Version |
---|---|---|---|
jh_captcha | le | 2.1.3 | |
jh_captcha | ge | 3.0.2 | |
jh_captcha | le | 3.0.0 |