Casdoor@* Security Vulnerabilities and Issues — Casdoor@* CVE List

Lucene search

CasbinCasdoor*

5 matches found

CVE•added 2022/01/29 11:15 p.m.•91 views

CVE-2022-24124

The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.

7.5CVSS7.5AI score0.63898EPSS

CVE•added 2024/08/20 9:15 p.m.•50 views

CVE-2024-41657

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in...

8.8CVSS8AI score0.00275EPSS

CVE•added 2022/12/07 2:15 a.m.•46 views

CVE-2022-44942

Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function.

8.1CVSS8.1AI score0.00412EPSS

CVE•added 2024/08/20 9:15 p.m.•42 views

CVE-2024-41658

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnerable to reflected XSS. When purchasing an item through casdoor, the product page allows you to pay via...

6.1CVSS6.2AI score0.0004EPSS

CVE•added 2023/06/22 1:15 p.m.•30 views

CVE-2023-34927

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.

6.5CVSS6.5AI score0.00346EPSS