CVE-2025-53834

Medium CVSS 6.3

Overview

Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution. Version 0.49.0 fixes the issue.

CWE: CWE-79 Published: 2025-07-14T23:15:24.870

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.3 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags