Description
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2018-2798 Vulnerability (CVE-2018-2798)
Moodle CVE-2011-4291 Vulnerability (CVE-2011-4291)
WordPress Plugin SEO Rank Reporter Cross-Site Scripting (2.2.2)
WordPress Plugin SpiderCatalog Unspecified Vulnerability (1.6.8)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-19709)