What the vulnerability does
01Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 & v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA (v2 & v3) for Asgaros Forum: from n/a through <= 1.1.0.
Explanation of Vulnerability in Simple Terms
02Summary
A cross-site scripting (XSS) vulnerability in reCAPTCHA (v2 & v3) for Asgaros Forum allows a logged-in user to inject malicious scripts that execute in other users' browsers. The vulnerability requires user interaction—typically clicking a malicious link—and can affect the entire forum scope. An attacker with low privileges can compromise forum data or session tokens.
What an attacker can do
03Attacker Capabilities
Inject malicious JavaScript that runs in other users' browsers, potentially stealing session tokens or forum data.
Potential impact on your site
04Site Impact
Forum users' accounts and data are at risk if they click attacker-controlled links; session hijacking and account takeover are possible.
Conditions required to exploit
05Prerequisites
Attacker must be logged in to the forum and trick a user into clicking a malicious link or visiting a crafted page.
Key dates
06Disclosure timeline
July 13, 2026
CVE published