{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4d4da6f25ca732784bf1ff90a3af7ac7ce2cde7a"
            }
          ],
          "repo": "https://github.com/caido/caido",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-h8jr-c6qq-h7m7"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53834.json"
  },
  "details": "Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match\u0026Replace and Scope. This could allow an attacker to craft input that results in arbitrary script execution. Version 0.49.0 fixes the issue.",
  "id": "CVE-2025-53834",
  "modified": "2026-04-01T23:10:36.732960142Z",
  "published": "2025-07-14T22:49:18.813Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/caido/caido/releases/tag/v0.49.0"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53834.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/caido/caido/security/advisories/GHSA-h8jr-c6qq-h7m7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53834"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Caido Toast Vulnerable to Reflected Cross-site Scripting"
}