CVE-2026-42860
The CVE-2026-42860 issue affects Open edX Openedx Enterprise Service (edx-enterprise). From 7.0.2 through 7.0.4, the sync_provider_data endpoint retrieves SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated Enterprise Admin can PATCH this field to an arbitrary ...
Open edX Platform Code Issue Vulnerability
The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. The Open edX Platform has code vulnerabilities that stem from the sync_provider_data endpoint in the...
CVE-2025-68270 CourseLimitedStaff Role Allows Studio Access
The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in Studio if they are granted the role on an org rather than on a course, and CourseLimitedStaffRole users are able t...
CVE-2025-68270
The CVE-2025-68270 issue affects the Open edX Platform. Before commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, users with CourseLimitedStaffRole could access and edit courses in Studio if their role was granted at the organization level rather than per course, and could list courses they have th...
Open edX Cross-Site Scripting Vulnerability
Open edX is an online learning management system. A cross-site scripting vulnerability exists in Open edX Ironwood.1; it stems from a lack of proper validation of client data in the web application and can be exploited by an attacker to execute client-side code...