Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Caido Improperly Handles External Links in Markdown
Vulnerability Description
Caido is a web security auditing toolkit. Prior to version 0.53.0, the Markdown renderer used in Caido’s Findings page improperly handled user-supplied Markdown, allowing attacker-controlled links to be rendered without confirmation. When a user opened a finding generated through the scanner, or other plugins, clicking these injected links could redirect the Caido application to an attacker-controlled domain, enabling phishing style attacks. This issue has been patched in version 0.53.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Caido 注入漏洞
Vulnerability Description
Caido是Caido开源的一个应用程序。旨在帮助安全专业人员和爱好者高效、轻松地审核 Web 应用程序。 Caido 0.53.0之前版本存在注入漏洞,该漏洞源于Markdown渲染器处理不当,可能导致攻击者控制的链接被渲染而无需确认。
CVSS Information
N/A
Vulnerability Type
N/A