{ "id": "CVE-2023-52430", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-12T23:15:08.353", "lastModified": "2024-02-13T14:01:49.147", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring." }, { "lang": "es", "value": "El complemento caddy-security 1.1.20 para Caddy permite XSS reflejado a trav\u00e9s de una solicitud GET a una URL que contiene un payload XSS y comienza con una subcadena /admin o /settings/mfa/delete/." } ], "metrics": {}, "references": [ { "url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/", "source": "cve@mitre.org" }, { "url": "https://github.com/greenpau/caddy-security/issues/264", "source": "cve@mitre.org" } ] }