5 matches found

CVE
added 2026/05/11 5:40 p.m., 19 views

CVE-2026-42860

The CVE-2026-42860 issue affects Open edX Openedx Enterprise Service (edx-enterprise). From 7.0.2 through 7.0.4, the sync_provider_data endpoint retrieves SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated Enterprise Admin can PATCH this field to an arbitrary ...

8.5 CVSS, 5.9 AI score, 0.00301 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2026/05/11 12:0 a.m., 9 views

Open edX Platform Code Issue Vulnerability

The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. The Open edX Platform has code vulnerabilities that stem from the sync_provider_data endpoint in the...

9.9 CVSS, 6 AI score, 0.00374 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/12/16 6:26 p.m., 25 views

CVE-2025-68270 CourseLimitedStaff Role Allows Studio Access

The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and CourseLimitedStaffRole users are able t...

9.9 CVSS, 0.00275 EPSS
Exploits: 0, References: 4
CVE
added 2025/12/16 6:26 p.m., 13 views

CVE-2025-68270

The CVE-2025-68270 issue affects the Open edX Platform. Before commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, users with CourseLimitedStaffRole could access and edit courses in Studio if their role was granted at the organization level rather than per course, and could list courses they have th...

9.9 CVSS, 6.4 AI score, 0.00275 EPSS
Exploits: 0, References: 4
CNVD
added 2020/03/20 12:0 a.m., 2 views

Open edX Cross-Site Scripting Vulnerability

Open edX is an online learning management system. A cross-site scripting vulnerability exists in Open edX Ironwood.1, which stems from the lack of proper validation of client data in the web application and can be exploited by an attacker to execute client-side code...

6.1 CVSS, 6.4 AI score, 0.0049 EPSS
Exploits: 1, References: 1