Open Edx Platform Security Vulnerabilities
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout...
6.1CVSS
5.9AI Score
0.001EPSS
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This lead...
8.8CVSS
8.8AI Score
0.034EPSS
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info"...
8.8CVSS
8.7AI Score
0.002EPSS
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored...
5.4CVSS
5.5AI Score
0.001EPSS
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a...
6.5CVSS
6.4AI Score
0.002EPSS