43 matches found
CVE-2019-20512
Open edX Ironwood.1 allows support/certificates?courseid= reflected XSS...
EUVD-2020-5421
Malware in sbrugna...
EUVD-2019-11056
Malware in sbrugna...
EUVD-2019-11057
Malware in sbrugna...
EUVD-2020-5420
Malware in sbrugna...
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content > File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS...
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course > New section > New subsection > New unit > Add new component > Problem button > Advanced tab > Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code...
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course > Instructor > Cohorts may contain a formula that is exported via the "Course > Data Downloads > Reports > Download profile info" feature...
CVE-2019-20513
Open edX Ironwood.1 allows support/certificates?user= reflected XSS...
OpenEDX Ironwood 2.5 CVE-2020-13144 - Remote Code Execution
OpenEDX platform Ironwood version 2.5 suffers from a remote code execution vulnerability. Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link:...
OpenEDX platform Ironwood 2.5 - Remote Code Execution
Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...
OpenEDX platform Ironwood 2.5 - Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian...
OpenEDX Ironwood 2.5 Remote Code Execution
Exploit Title: OpenEDX platform Ironwood 2.5 - Remote Code Execution Google Dork: N/A Date: 2020-05-20 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://open.edx.org/ Software Link: https://github.com/edx/edx-platform Version: Ironwood 2.5 Tested on: Debian x64 CVE : CVE-2020-13144...
Open edX Input Validation Error Vulnerability
Open edX is an online learning management system from edX Corporation in the United States. An input validation error vulnerability exists in Studio in Open edX Ironwood version 2.5, which can be exploited by an attacker to execute arbitrary code...
Open edX injection vulnerability (CNVD-2020-33667)
Open edX is an online learning management system from edX Corporation in the United States. An injection vulnerability exists in Studio in Open edX Ironwood version 2.5, which can be exploited by attackers to execute arbitrary code with the help of specially crafted files...
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content > File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS...
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course > New section > New subsection > New unit > Add new component > Problem button > Advanced tab > Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code...
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course > Instructor > Cohorts may contain a formula that is exported via the "Course > Data Downloads > Reports > Download profile info" feature...
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content > File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS...
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course > Instructor > Cohorts may contain a formula that is exported via the "Course > Data Downloads > Reports > Download profile info" feature...