CVE-2009-10001

Name of the Vulnerable Software and Affected Versions jianlinwei cool-php-captcha versions up to 0.2

Description A problematic vulnerability was found in the example-form.php file, where the manipulation of the captcha argument with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations Upgrading to version 0.3 is able to address this issue. It is recommended to upgrade the affected component. As a temporary workaround, consider restricting the input for the captcha argument to prevent cross-site scripting attacks.