exploitDog

CVE-2023-52430

Опубликовано: 12 фев. 2024

Источник: nvd

CVSS3: 6.1

CVSS3: 5.4

EPSS Низкий

Описание

The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.

Ссылки

https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
Third Party Advisory
https://github.com/greenpau/caddy-security/issues/264
Issue Tracking
Vendor Advisory
https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
Third Party Advisory
https://github.com/greenpau/caddy-security/issues/264
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:authcrunch:caddy-security:1.1.20:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01272

Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-xwmv-cx7p-fqfc

CVSS3: 6.1

github

больше 1 года назад

caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting

EPSS

Процентиль: 79%

0.01272

Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79