2 matches found
GHSA-XWMV-CX7P-FQFC caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring...
PT-2024-14586 · Caddy · Caddy +1
Name of the Vulnerable Software and Affected Versions: caddy-security plugin for Caddy version 1.1.20 Description: The issue allows reflected Cross-site Scripting XSS via a GET request to a URL that contains an XSS payload and begins with either a "/admin" or "/settings/mfa/delete/" substring. Th...