logo

Database

Reflected cross-site scripting (XSS) In github.com/greenpau/caddy-security

Description

caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-524302. NVD-2023-524303. OSV-2023-524304. GCVE-2023-52430

References

1. https://github.com/greenpau/caddy-security/issues/2642. https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.