Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Edx-platform Security Vulnerabilities

cve
cve

CVE-2024-22209

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit...

8.8CVSS

8.6AI Score

0.001EPSS

2024-01-13 08:15 AM
19
cve
cve

CVE-2021-39248

Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a...

6.1CVSS

5.9AI Score

0.001EPSS

2021-08-17 09:15 PM
19
cve
cve

CVE-2020-13144

Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This lead...

8.8CVSS

8.8AI Score

0.034EPSS

2020-05-18 07:15 PM
97
cve
cve

CVE-2020-13146

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info"...

8.8CVSS

8.7AI Score

0.002EPSS

2020-05-18 07:15 PM
64
cve
cve

CVE-2020-13145

Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored...

5.4CVSS

5.5AI Score

0.001EPSS

2020-05-18 07:15 PM
64
cve
cve

CVE-2018-20859

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced...

6.1CVSS

5.8AI Score

0.001EPSS

2019-07-30 07:15 PM
23
cve
cve

CVE-2017-18381

The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default...

7.2CVSS

6.8AI Score

0.001EPSS

2019-07-30 07:15 PM
25
cve
cve

CVE-2017-18380

edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain...

7.5CVSS

7.4AI Score

0.001EPSS

2019-07-30 01:15 PM
25
cve
cve

CVE-2016-10765

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail...

5.3CVSS

5.3AI Score

0.001EPSS

2019-07-29 05:15 PM
17
cve
cve

CVE-2016-10766

edx-platform before 2016-06-06 allows...

8.8CVSS

8.7AI Score

0.001EPSS

2019-07-29 05:15 PM
16
cve
cve

CVE-2015-6960

edx-platform before 2015-09-17 allows XSS via a team...

6.1CVSS

5.9AI Score

0.001EPSS

2019-07-29 04:15 PM
22
cve
cve

CVE-2015-6253

edx-platform before 2015-08-17 allows XSS in the Studio listing of...

5.4CVSS

5.2AI Score

0.001EPSS

2019-07-29 04:15 PM
20
cve
cve

CVE-2015-5601

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz...

8.8CVSS

8.7AI Score

0.001EPSS

2019-07-29 04:15 PM
20
cve
cve

CVE-2015-2186

The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not...

7.5CVSS

7.4AI Score

0.001EPSS

2018-02-03 03:29 PM
17
cve
cve

CVE-2015-6671

Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database...

5.9CVSS

5.4AI Score

0.002EPSS

2017-03-13 07:59 AM
18