CVE-2023-52430

The caddy-security plugin 1.1.20 for Caddy allows reflected cross-site scripting (XSS): a GET request whose URL path begins with /admin or /settings/mfa/delete/ and carries an XSS payload has that payload reflected into the HTML response without neutralization (CWE-79).
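The bug class behind this entry, as an added example that is not the plugin's code and not the payload from the advisory: a Go handler that interpolates the raw request path into an HTML page with fmt reflects a script tag byte-for-byte, while the same page rendered through html/template is context-escaped. The handler names, the "Not found" page, the payload and the path under /settings/mfa/delete/ are all constructed for illustration; Reflected is the check a tester would run against a real endpoint.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Payload and SamplePath are constructed for this example; they are not the
// payload from the advisory, only a representative script tag placed under
// one of the two path prefixes the advisory names.
const Payload = "<script>alert(1)</script>"
const SamplePath = "/settings/mfa/delete/" + Payload

// VulnerableHandler models the CWE-79 pattern: the raw request path is
// interpolated into an HTML body with fmt, so a GET whose path carries
// markup is reflected back to the browser unchanged. Hypothetical code,
// not the plugin's own handler.
func VulnerableHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	fmt.Fprintf(w, "<html><body><h1>Not found</h1><p>No route for %s</p></body></html>", r.URL.Path)
}

// safePage is parsed by html/template, which escapes {{.}} for the HTML
// context it appears in (text content here, so < > & ' " are encoded).
var safePage = template.Must(template.New("page").Parse(
	"<html><body><h1>Not found</h1><p>No route for {{.}}</p></body></html>"))

// SafeHandler renders the same page through html/template into a buffer
// (so a render error never leaves a half-written body) and adds a CSP
// header as defence in depth against any reflection the template misses.
func SafeHandler(w http.ResponseWriter, r *http.Request) {
	var buf bytes.Buffer
	if err := safePage.Execute(&buf, r.URL.Path); err != nil {
		http.Error(w, "render error", http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Content-Security-Policy", "default-src 'self'")
	buf.WriteTo(w)
}

// Render drives a handler with an in-memory GET for path and returns the body.
func Render(h http.HandlerFunc, path string) string {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Body.String()
}

// Reflected is the tester's check: does the needle come back verbatim in
// the HTML body? With the raw payload as needle it detects the bug; with
// the escaped form it confirms the fix kept the path visible but inert.
func Reflected(h http.HandlerFunc, path, needle string) bool {
	return strings.Contains(Render(h, path), needle)
}

func main() {
	for _, c := range []struct {
		name string
		h    http.HandlerFunc
	}{{"vulnerable", VulnerableHandler}, {"safe", SafeHandler}} {
		fmt.Printf("%-10s reflected=%v\n%s\n\n",
			c.name, Reflected(c.h, SamplePath, Payload), Render(c.h, SamplePath))
	}
}
```

The point the check makes is that escaping must happen at output time in the HTML context, not by path filtering: any reachable handler that echoes r.URL.Path (error pages, "not found" pages, redirect targets) is a candidate, which is why the advisory ties the issue to path prefixes rather than to a single parameter.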
Configurations

Configuration 1

cpe:2.3:a:authcrunch:caddy-security:1.1.20:*:*:*:*:*:*:*

History

16 Oct 2024, 13:11

Type         Values Removed                                              Values Added
CVSS         v2 : unknown, v3 : unknown                                  v2 : unknown, v3 : 6.1
CWE                                                                      CWE-79
CPE                                                                      cpe:2.3:a:authcrunch:caddy-security:1.1.20:*:*:*:*:*:*:*
References   https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ (no tags)   same URL, tagged Third Party Advisory
References   https://github.com/greenpau/caddy-security/issues/264 (no tags)   same URL, tagged Issue Tracking, Vendor Advisory
First Time                                                               Authcrunch
                                                                         Authcrunch caddy-security

13 Feb 2024, 14:01

Type         Values Removed                                              Values Added
Summary                                                                  (es, Spanish summary added; translated here) The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with a /admin or /settings/mfa/delete/ substring.

12 Feb 2024, 23:15

Type         Values Removed                                              Values Added
New CVE

Information

Published : 2024-02-12 23:15

Updated : 2024-10-16 13:11


NVD link : CVE-2023-52430

Mitre link : CVE-2023-52430

CVE.ORG link : CVE-2023-52430


Products Affected

authcrunch

  • caddy-security
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')