Authcrunch Caddy-security — known CVE vulnerabilities
Every CVE whose affected-product data names Authcrunch Caddy-security, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-52430 — CVSS 6.1 (medium): The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with…
CVE-2024-21496 — CVSS 6.1 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to…
CVE-2024-21498 — CVSS 5.3 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host…
CVE-2024-21492 — CVSS 4.8 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user…
CVE-2024-21500 — CVSS 4.8 (medium): All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts…