CVE-2024-21496

Name of the Vulnerable Software and Affected Versions github.com/greenpau/caddy-security versions all

Description The issue is related to Cross-site Scripting (XSS) via the Referer header, caused by improper input sanitization. Although some characters are escaped to prevent XSS, the sanitization does not account for attacks based on the JavaScript URL scheme. This could lead to the execution of malicious scripts in the context of the target user's browser, compromising user sessions.

Recommendations For github.com/greenpau/caddy-security versions all, consider implementing proper input sanitization for the Referer header to prevent XSS attacks. As a temporary workaround, consider restricting access to sensitive resources that rely on the Referer header until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.