CVE-2025-53834
Caido Toast Vulnerable to Reflected Cross-site Scripting
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Caido Toast Vulnerable to Reflected Cross-site Scripting
Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution. Version 0.49.0 fixes the issue.
Reserved 2025-07-09 | Published 2025-07-14 | Updated 2025-07-14 | Assigner GitHub_MCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
github.com/.../caido/security/advisories/GHSA-h8jr-c6qq-h7m7
github.com/caido/caido/releases/tag/v0.49.0
Support options
