You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Corb3nik
published
GHSA-h8jr-c6qq-h7m7Jul 14, 2025
Package
caido
Affected versions
<0.49.0
Patched versions
0.49.0
caido-desktop
<0.49.0
0.49.0
Description
A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component.
Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Learn more on MITRE.
amrelsagaei Reporter
A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component.
Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution.