CVE-2025-53834

Caido Toast Vulnerable to Reflected Cross-site Scripting

Description

Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution. Version 0.49.0 fixes the issue.

INFO

Published Date :

2025-07-14T22:49:18.813Z

Last Modified :

2025-07-15T19:49:38.248Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-53834 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53834.

URL	Resource
https://github.com/caido/caido/releases/tag/v0.49.0
https://github.com/caido/caido/security/advisories/GHSA-h8jr-c6qq-h7m7

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact