PatchSiren

Caddy Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Caddy Project CVE published 2017-02-12

CVE-2017-5963

CVE-2017-5963 is a cross-site scripting vulnerability in caddy for TYPO3 before 7.2.10. The issue stems from insufficient filtering of user-supplied data in the paymillToken HTTP POST parameter sent to the affected payment.php endpoint, which allows injected HTML and script to execute in a browser in the context of the vulnerable website.