Caido Reflected Cross-Site Scripting Vulnerability in Toast UI Component
Vulnerability
A reflected cross-site scripting vulnerability has been identified in Caido, a web security auditing toolkit, specifically within the toast UI component. This issue affects versions of Caido prior to 0.49.0. The vulnerability arises because toast messages can reflect unsanitized user input in certain tools, such as Match&Replace and Scope. An attacker could exploit this by crafting input that executes arbitrary scripts.
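The pattern behind this class of bug, shown as an added example that is not Caido's code: a toast component that interpolates a user-controlled string (a Scope or Match&Replace rule name, for instance) straight into markup, next to the same component with the string escaped first. The component, function names and sample rule name are assumptions constructed for illustration.

```javascript
// Added example (not Caido's code): a minimal toast renderer modelled on the
// vulnerability class described above. The component, function names and the
// sample message are constructed for illustration.

// Escape the five characters that matter inside HTML text and attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the message is interpolated straight into markup, so any
// tag a user typed into a tool field becomes live HTML when the toast renders.
function renderToastUnsafe(message) {
  return `<div class="toast">${message}</div>`;
}

// Hardened pattern: the message is escaped before interpolation, so it renders
// as text. In a browser component the equivalent is assigning
// element.textContent = message rather than element.innerHTML = message.
function renderToastSafe(message) {
  return `<div class="toast">${escapeHtml(message)}</div>`;
}

// Defender-side check for a component unit test: does the rendered markup
// contain any element other than the toast wrapper itself?
function hasInjectedTag(html) {
  const inner = html
    .replace(/^<div class="toast">/, "")
    .replace(/<\/div>$/, "");
  return /<[a-zA-Z\/!]/.test(inner);
}

// Constructed sample: a rule name containing markup, an ampersand and quotes.
const SAMPLE_RULE_NAME = 'api <b>host</b> & "prod"';

console.log("unsafe:", renderToastUnsafe(SAMPLE_RULE_NAME));
console.log("safe:  ", renderToastSafe(SAMPLE_RULE_NAME));
console.log("unsafe has injected tag:", hasInjectedTag(renderToastUnsafe(SAMPLE_RULE_NAME)));
console.log("safe has injected tag:  ", hasInjectedTag(renderToastSafe(SAMPLE_RULE_NAME)));
```

The `hasInjectedTag` check is the kind of regression test worth keeping in a UI component's suite: it fails on the unsafe renderer and passes on the escaped one for the same input, so a later refactor that reintroduces raw interpolation is caught before release.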
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute scripts in the context of the user's browser.
Remediation
Users can upgrade to Caido version 0.49.0 or later to address this vulnerability. This version is available for download on the Caido GitHub Releases page.
