Casbin

Casdoor

11 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.04%
  • Published 03.04.2026 14:30:15
  • Last modified 09.04.2026 00:14:07

A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The vendor was con...

  • EPSS 0.03%
  • Published 03.04.2026 13:30:14
  • Last modified 09.04.2026 00:57:43

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remot...

  • EPSS 0.01%
  • Published 03.04.2026 11:45:10
  • Last modified 09.04.2026 01:00:46

A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to lau...

Exploit
  • EPSS 1.29%
  • Published 20.08.2024 21:15:13
  • Last modified 28.08.2024 16:13:35

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor a...

Exploit
  • EPSS 0.31%
  • Published 20.08.2024 21:15:13
  • Last modified 28.08.2024 16:08:31

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, the purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item throu...

  • EPSS 0.07%
  • Published 01.08.2024 16:15:06
  • Last modified 16.08.2024 16:00:36

An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the ssh.InsecureIgnoreHostKey() method.

  • EPSS 0.13%
  • Published 02.06.2024 10:15:07
  • Last modified 15.04.2026 00:35:42

A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessib...

Exploit
  • EPSS 0.4%
  • Published 22.06.2023 13:15:10
  • Last modified 21.11.2024 08:07:40

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.

Exploit
  • EPSS 0.21%
  • Published 07.12.2022 02:15:09
  • Last modified 23.04.2025 14:15:24

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.

Exploit
  • EPSS 0.68%
  • Published 09.09.2022 20:15:11
  • Last modified 21.11.2024 07:16:51

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.