GHSA-xwmv-cx7p-fqfc, CVE-2023-52430
go/github.com/greenpau/caddy-security
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.
All versions up to 1.1.20
Unfortunately, there is no solution available yet.
2024-02-14
source |