Skip to main content

Captcha Protect

1 CVEs product

Monthly

CVE-2026-34206 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Captcha Protect versions prior to 1.12.2 allows unauthenticated remote attackers to inject arbitrary script into the anti-bot challenge page by supplying a crafted destination parameter. The vulnerability exploits unsafe use of Go's text/template library, which does not perform contextual HTML escaping, enabling attackers to break out of HTML attributes and execute malicious code in the context of users viewing the challenge page. This affects all Traefik middleware deployments using vulnerable versions of libops/captcha-protect.

XSS Captcha Protect
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) in Captcha Protect versions prior to 1.12.2 allows unauthenticated remote attackers to inject arbitrary script into the anti-bot challenge page by supplying a crafted destination parameter. The vulnerability exploits unsafe use of Go's text/template library, which does not perform contextual HTML escaping, enabling attackers to break out of HTML attributes and execute malicious code in the context of users viewing the challenge page. This affects all Traefik middleware deployments using vulnerable versions of libops/captcha-protect.

XSS Captcha Protect
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy