Zend_Service_ReCaptcha_MailHide
had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities()
did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially crafted multibyte string as an attack via the CAPTCHA's email argument
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-06-07T21:59:20Z" }