https://github.com/greenpau/caddy-security is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization when handling /admin
or /settings/mfa/delete/
GET requests. An attacker can inject arbitrary JavaScript code into the users browser, resulting in XSS.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/greenpau/caddy-security | le | v1.1.23 | |
github.com/greenpau/caddy-security | le | v1.1.23 |