CVE-2026-5468

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

GHSA-W799-7525-RPR6 Casdoor vulnerable to Stored XSS via Application formCss / formSideHtml

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

Casdoor vulnerable to Stored XSS via Application formCss / formSideHtml

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

CVE-2026-5468

A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a manipulation of the argument formCss/formCssMobile/formSideHtml results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the publi...

CVE-2026-5468

CVE-2026-5468 affects Casdoor 2.356.0; the dangerouslySetInnerHTML handling in the code path for formCss/formCssMobile/formSideHtml is susceptible to cross-site scripting. The vulnerability can be triggered remotely and has a public exploit (PoC). AVAILABILITY and INTEGRITY impacts are noted as n...

Casdoor 代码注入漏洞

Casdoor is an open-source platform developed by Casdoor, which supports various authentication and authorization protocols. Version 2.356.0 of Casdoor contains a code injection vulnerability. This vulnerability stems from improper handling of parameters such as formCss/formCssMobile/formSideHtml,...