CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-52430

The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.6%

CVSS Severity

CVSS v3 Score 6.1

References

https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
https://github.com/greenpau/caddy-security/issues/264
https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/
https://github.com/greenpau/caddy-security/issues/264

Products affected by CVE-2023-52430

Authcrunch » Caddy-Security » Version: 1.1.20

cpe:2.3:a:authcrunch:caddy-security:1.1.20

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-52430

Products

Pricing

Contact Us