Lucene search
+L

194 matches found

redhatcve
redhatcve
added 2025/05/22 8:28 a.m.11 views

CVE-2019-20513

Open edX Ironwood.1 allows support/certificates?user= reflected XSS...

6.1CVSS6.9AI score0.0049EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 5:43 a.m.5 views

CVE-2017-18381

The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials...

7.2CVSS6.8AI score0.01165EPSS
Exploits0References1
nvd
nvd
added 2025/05/21 10:15 p.m.16 views

CVE-2025-47942

The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...

5.3CVSS0.00373EPSS
Exploits0References3
cvelist
cvelist
added 2025/05/21 9:15 p.m.15 views

CVE-2025-47942 Learners on edX Platform can download python_lib.zip

The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...

5.3CVSS0.00373EPSS
Exploits0References3
cve
cve
added 2025/05/21 9:15 p.m.58 views

CVE-2025-47942

The CVE-2025-47942 entry describes a vulnerability in the Open edX Platform (edxapp) where, prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, there was no built-in protection to prevent downloading the python_lib.zip asset from courses. This could allow access to custom grading code or co...

5.3CVSS5.3AI score0.00373EPSS
Exploits0References3
osv
osv
added 2025/05/21 9:15 p.m.10 views

CVE-2025-47942 Learners on edX Platform can download python_lib.zip

The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the pythonlib.zip asset from courses, which is a concern since it often contains custom grading code or answers to course...

5.3CVSS7AI score0.00373EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/05/21 12:0 a.m.7 views

PT-2025-22436 · Unknown · Open Edx Platform

Name of the Vulnerable Software and Affected Versions: The Open edX Platform versions prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba Description: The issue concerns the Open edX Platform, a learning management platform, where prior to a specific commit, there was no built-in protection...

5.3CVSS6.4AI score0.00373EPSS
Exploits0References7
cnnvd
cnnvd
added 2025/05/21 12:0 a.m.7 views

Open edX Platform 安全漏洞

Open edX Platform is an open source course management system CMS from Open edX Open Source. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A security vulnerability exists in versions prior to Open edX Platform 6740e75, which stems fro...

5.3CVSS6.6AI score0.00373EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/02/05 12:26 p.m.13 views

CVE-2024-43782

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using...

9.8CVSS6.7AI score0.00511EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/05 12:13 p.m.8 views

CVE-2024-52452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1...

7.1CVSS8.6AI score0.0032EPSS
Exploits0References1
nvd
nvd
added 2024/12/02 2:15 p.m.14 views

CVE-2024-52452

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1...

7.1CVSS0.0032EPSS
Exploits0References1
cvelist
cvelist
added 2024/12/02 1:49 p.m.38 views

CVE-2024-52452 WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1...

7.1CVSS0.0032EPSS
Exploits0References1
cve
cve
added 2024/12/02 1:49 p.m.45 views

CVE-2024-52452

CVE-2024-52452 affects the WordPress plugin Open edX LMS (WordPress integration) versions

7.1CVSS8.6AI score0.0032EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/12/02 1:49 p.m.16 views

CVE-2024-52452 WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1...

7.1CVSS6.9AI score0.0032EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/12/02 12:0 a.m.6 views

PT-2024-35292 · Edx · Open Edx Lms

Name of the Vulnerable Software and Affected Versions: Open edX LMS versions n/a through 2.6.1 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables potential attackers to...

7.1CVSS9.3AI score0.0032EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/12/02 12:0 a.m.6 views

WordPress plugin Open edX LMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS7.7AI score0.0032EPSS
Exploits0References1
patchstack
patchstack
added 2024/11/18 9:42 a.m.6 views

WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Open edX LMS versions = 2.6.1...

7.1CVSS6.1AI score0.0032EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/11/18 12:0 a.m.11 views

WordPress Open edX LMS Plugin <= 2.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Open edX LMS Type Plugin Vulnerable versions = 2.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52452 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 991dc17302e9 Credits Mika Required privilege Unauthenticat...

6.5AI score0.0032EPSS
Exploits0References2Affected Software1
github
github
added 2024/08/30 6:47 p.m.16 views

LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability

Problem TL;DR: Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. In LTI 1.3, LTI tools can "pass back" scores that learners earn while using LTI tools to the edX platform. The...

5.4CVSS6.7AI score0.00384EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/08/30 6:47 p.m.58 views

GHSA-7J9P-67MM-5G87 LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability

Problem TL;DR: Any LTI tool that is integrated with on the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. In LTI 1.3, LTI tools can "pass back" scores that learners earn while using LTI tools to the edX platform. The...

3.7CVSS5.3AI score0.00384EPSS
Exploits0References5
Rows per page
Query Builder