Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Open Edx Platform Security Vulnerabilities

cve
cve

CVE-2020-13144

Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This lead...

8.8CVSS

8.8AI Score

0.034EPSS

2020-05-18 07:15 PM
97
cve
cve

CVE-2020-13145

Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.

5.4CVSS

5.5AI Score

0.001EPSS

2020-05-18 07:15 PM
64
cve
cve

CVE-2020-13146

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.

8.8CVSS

8.7AI Score

0.002EPSS

2020-05-18 07:15 PM
64