The plugin does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
With the plugin setup completed, as administrator, put the payload below in the BPS Security > JTC Lite > "Login Form: CAPTCHA Error message" field and tick the "Enable|Disable JTC For These Forms: " > "Login Form" as well:

<style>@keyframes x{}</style><article style="animation-name:x" onanimationend="alert(/Stored XSS/)"></article>

The XSS will be executed on the login page following an incorrect CAPTCHA entry.
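The missing sanitize-and-escape steps described above, shown as an added example that is not the plugin's own code: it contrasts rendering a stored error-message setting verbatim with sanitizing it on save and escaping it on output. The function names and the sample setting value are hypothetical, and plain PHP functions stand in for the WordPress helpers sanitize_text_field() and esc_html() so the file runs on its own.

```php
<?php
// Added example. Function names and the sample value are hypothetical;
// this is not the plugin's code.

// Constructed sample: a setting value that was saved without sanitization.
$stored = '<article style="animation-name:x" onanimationend="alert(1)"></article>Wrong CAPTCHA';

// Vulnerable pattern: the stored setting is concatenated into HTML verbatim,
// so any markup an administrator saved becomes live markup on the login page.
function render_error_unsafe(string $message): string
{
    return '<div class="login-error">' . $message . '</div>';
}

// Sanitize on save: keep plain text only (tags removed, whitespace collapsed).
// In WordPress, sanitize_text_field() fills this role.
function sanitize_error_setting(string $raw): string
{
    return trim(preg_replace('/\s+/', ' ', strip_tags($raw)));
}

// Escape on output: encode HTML metacharacters at the point of rendering.
// In WordPress, esc_html() fills this role. This also neutralizes values
// that were stored before sanitize-on-save was introduced.
function render_error_safe(string $message): string
{
    $escaped = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="login-error">' . $escaped . '</div>';
}

$unsafe   = render_error_unsafe($stored);
$legacy   = render_error_safe($stored);                         // old value, escaped late
$hardened = render_error_safe(sanitize_error_setting($stored)); // both layers

// Self-checks on the three renderings.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}
check(strpos($unsafe, '<article') !== false, 'unsafe output keeps the live tag');
check(strpos($legacy, '<article') === false, 'escaped output has no live tag');
check(strpos($legacy, '&lt;article') !== false, 'tag is rendered as text');
check($hardened === '<div class="login-error">Wrong CAPTCHA</div>', 'plain text only');

echo $unsafe, "\n", $legacy, "\n", $hardened, "\n";
```

Escaping at output is the layer that protects sites whose database already holds an unsanitized value; sanitizing on save alone does not clean existing rows.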
Fayçal CHENA
Yes
2022-04-19 (about 2 months ago)