194 matches found
CVE-2019-20513
Open edX Ironwood.1 allows support/certificates?user= reflected XSS...
CVE-2017-18381
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials...
CVE-2025-47942
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
CVE-2025-47942 Learners on edX Platform can download python_lib.zip
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
CVE-2025-47942
The CVE-2025-47942 entry describes a vulnerability in the Open edX Platform (edxapp) where, prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, there was no built-in protection to prevent downloading the python_lib.zip asset from courses. This could allow access to custom grading code or co...
CVE-2025-47942 Learners on edX Platform can download python_lib.zip
The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...
PT-2025-22436 · Unknown · Open Edx Platform
Name of the Vulnerable Software and Affected Versions: The Open edX Platform versions prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba Description: The issue concerns the Open edX Platform, a learning management platform, where prior to a specific commit, there was no built-in protection...
Open edX Platform 安全漏洞
Open edX Platform is an open source course management system CMS from Open edX Open Source. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A security vulnerability exists in versions prior to Open edX Platform 6740e75, which stems fro...
CVE-2024-43782
This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using...
CVE-2024-52452
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1...
CVE-2024-52452
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1...
CVE-2024-52452 WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1...
CVE-2024-52452
CVE-2024-52452 affects the WordPress plugin Open edX LMS (WordPress integration) versions
CVE-2024-52452 WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1...
PT-2024-35292 · Edx · Open Edx Lms
Name of the Vulnerable Software and Affected Versions: Open edX LMS versions n/a through 2.6.1 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables potential attackers to...
WordPress plugin Open edX LMS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Open edX LMS versions = 2.6.1...
WordPress Open edX LMS Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)
Software Open edX LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52452 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 991dc17302e9 Credits Mika Required privilege Unauthenticat...
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
Problem TL;DR: Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. In LTI 1.3, LTI tools can "pass back" scores that learners earn while using LTI tools to the edX platform. The...
GHSA-7J9P-67MM-5G87 LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
Problem TL;DR: Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. In LTI 1.3, LTI tools can "pass back" scores that learners earn while using LTI tools to the edX platform. The...