Casdoor v2.356.0 存储型XSS漏洞分析

根据用户提供的截图，我提取了以下关键信息： 1. 漏洞概述 (Vulnerability Overview): 标题: Casdoor v2.356.0 Cross Site Scripting (跨站脚本攻击)。 描述: 这是一个存储型XSS漏洞，通过 和 字段触发。 证据 (Evidence): 截图展示了具体的攻击载荷（Payload），利用 和 等字段注入恶意脚本。 攻击场景 (Attack scenario): 攻击者设置 为包含恶意脚本的链接（例如 ），当普通用户访问登录页面时，其会话cookie会被泄露。 2. 影响范围 (Impact): 受影响版本: Casdoor v2.356.0。 受影响组件: 和 字段。 具体影响: 这些字段被作为原始HTML渲染（raw HTML），导致攻击者可以注入恶意JavaScript代码，进而窃取用户会话cookie。 3. 修复方案 (Fix): 建议: 使用库（如 DOMPurify）在渲染之前对这些字段进行清理（sanitize），或者将它们限制为仅包含纯文本（CSS-only subset），并通过验证和清理内容服务器端。 4. POC/利用代码 (POC/Exploit Code): 截图中包含具体的HTML/JS注入代码片段。 现在，我将这些信息整理成简洁的中文Markdown格式。 漏洞总结：Casdoor v2.356.0 跨站脚本攻击 (XSS) 漏洞概述 漏洞类型: 存储型跨站脚本攻击 (Stored XSS)。 受影响版本: Casdoor v2.356.0。 漏洞描述: 在 和 字段中，输入的内容被作为原始 HTML (raw HTML) 渲染，导致攻击者可以注入恶意 JavaScript 代码。 攻击场景: 攻击者可以将 设置为包含恶意脚本的链接（如 ）。当普通用户访问登录页面时，其会话 cookie 会被泄露给攻击者。 影响范围 受影响字段: , , 。 渲染机制: 这些字段使用了 进行渲染，未进行适当的过滤或转义。 修复方案 建议措施: 在渲染之前，使用库（如 DOMPurify）对这些字段的内容进行清理（sanitize）。 替代方案: 将这些字段限制为仅包含纯文本（CSS-only subset），并在服务器端进行验证和清理。 POC/利用代码 ```html Evidence javascript** [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html] [html

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

Casdoor v2.356.0 存储型XSS漏洞分析

目标达成感谢每一位支持者 — 我们达成了 100% 目标！