Loading
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
Use CWE-254, Dotcms vendor hub and Dotcms product page to widen CVE-2016-8600 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2022-26352, CVE-2025-11165 and CVE-2022-45782 for nearby disclosures in the same product family.