Lucene search
+L

108 matches found

redhatcve
redhatcve
added 2025/02/05 7:19 p.m.9 views

CVE-2022-0936

Cross-site Scripting XSS - Stored in GitHub repository autolab/autolab prior to 2.8.0...

7.6CVSS5.9AI score0.00646EPSS
Exploits1References1
nvd
nvd
added 2024/11/27 10:15 p.m.17 views

CVE-2024-53260

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS0.00462EPSS
Exploits0References2
cve
cve
added 2024/11/27 9:28 p.m.52 views

CVE-2024-53260

CVE-2024-53260 concerns Autolab, a course management service. A vulnerability allows a user to inject a CSV-formula via their first/last name; when an instructor downloads and opens a roster, the injected formula is evaluated, potentially leaking student information to a remote endpoint. Technica...

6.8CVSS6.7AI score0.00462EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/11/27 9:28 p.m.11 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS6.9AI score0.00462EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/27 9:28 p.m.47 views

CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab

Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...

6.8CVSS0.00462EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/11/27 12:0 a.m.4 views

Autolab 安全漏洞

Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A security vulnerability exists in Autolab 3.0.2 and prior versions that stems from the ability of users to change their first or last name, which could lead to the disclosu...

6.8CVSS6.1AI score0.00462EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/11/27 12:0 a.m.4 views

PT-2024-35698 · Autolab · Autolab

Name of the Vulnerable Software and Affected Versions: Autolab affected versions not specified Description: Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When ...

6.8CVSS7AI score0.00462EPSS
Exploits0References7
nvd
nvd
added 2024/11/25 8:15 p.m.33 views

CVE-2024-53258

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

7.1CVSS0.00469EPSS
Exploits0References2
cvelist
cvelist
added 2024/11/25 7:19 p.m.18 views

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

7.1CVSS0.00469EPSS
Exploits0References2
osv
osv
added 2024/11/25 7:19 p.m.14 views

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

7.1CVSS6.6AI score0.00469EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/11/25 7:19 p.m.25 views

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

7.1CVSS6.7AI score0.00469EPSS
Exploits0References2
cve
cve
added 2024/11/25 7:19 p.m.73 views

CVE-2024-53258

CVE-2024-53258 affects Autolab, a course management service for auto-graded programming assignments. From v3.0.0, the existing download_all_submissions feature allows a logged-in user to download all submissions from another student, potentially leaking submissions to unauthorized users (includin...

7.1CVSS6.9AI score0.00469EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2024/11/25 12:0 a.m.4 views

Autolab 安全漏洞

Autolab is an open source course management service from Autolab. It supports automatically graded programming assignments. A security vulnerability exists in Autolab version 3.0.0 that stems from the ability of students to download all assignments from other students using the...

7.1CVSS6.4AI score0.00469EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/11/25 12:0 a.m.6 views

PT-2024-35697 · Autolab · Autolab

Name of the Vulnerable Software and Affected Versions: Autolab versions 3.0.0 through 3.0.2 Description: Autolab is a course management service that enables auto-graded programming assignments. The issue allows students to download all assignments from another student, as long as they are logged...

7.1CVSS7.2AI score0.00469EPSS
Exploits0References5
nvd
nvd
added 2024/11/18 9:15 p.m.25 views

CVE-2024-52584

Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs hav...

7.1CVSS0.00247EPSS
Exploits0References2
nvd
nvd
added 2024/11/18 9:15 p.m.24 views

CVE-2024-52585

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...

5.4CVSS0.00256EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/11/18 8:45 p.m.20 views

CVE-2024-52585 Autolab has HTML Injection Vulnerability

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...

5.1CVSS6.9AI score0.00256EPSS
Exploits0References2
cve
cve
added 2024/11/18 8:45 p.m.60 views

CVE-2024-52585

Autolab CVE-2024-52585 affects Autolab 3.0.1 with an HTML injection vulnerability on the grade submissions page that can impact instructors and CAs. The issue is mitigated by upgrading to 3.0.2 or applying the patch manually: edit line 589 in gradesheet.js.erb to take in feedback as text rather t...

5.4CVSS6.5AI score0.00256EPSS
Exploits0References2Affected Software1
osv
osv
added 2024/11/18 8:45 p.m.21 views

CVE-2024-52585 Autolab has HTML Injection Vulnerability

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...

5.1CVSS7.1AI score0.00256EPSS
Exploits0References4
cvelist
cvelist
added 2024/11/18 8:45 p.m.36 views

CVE-2024-52585 Autolab has HTML Injection Vulnerability

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing...

5.1CVSS0.00256EPSS
Exploits0References2
Rows per page
Query Builder