CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-23039: Cross Site Scripting on URL decode Tooltip in Caido

5.2 CVSS

Description

Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to the theft of sensitive information. This issue has been addressed in version 0.45.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Classification

CVE ID: CVE-2025-23039

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.2

Affected Products

Vendor: caido

Product: caido

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.66% (scored less or equal to compared to others)

EPSS Date: 2025-02-15 (when was this score calculated)

References

https://github.com/caido/caido/security/advisories/GHSA-3mfw-fhfp-mgrv

Timeline

2025-01-18 00:30:40 UTC
CVE

Cross Site Scripting on URL decode Tooltip in Caido