CVE-2023-52430

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/greenpau/caddy-security

Identifiers

GHSA-xwmv-cx7p-fqfc, CVE-2023-52430

Package Slug

go/github.com/greenpau/caddy-security

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.

Affected Versions

All versions up to 1.1.20

Solution

Unfortunately, there is no solution available yet.

Last Modified

2024-02-14

source