99 matches found
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
Open edX Platform 安全漏洞
Open edX Platform is an open source course management system CMS from Open edX Open Source. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A security vulnerability exists in Open edX Platform that stems from the fact that for certain...
PT-2024-5257 · Amazon · Aws S3
Name of the Vulnerable Software and Affected Versions: Open edX Platform versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper Description: The issue is related to inadequate access control in the Open edX Platform, specifically with the AWS S3 Bucket Handler component. This may all...
CVE-2024-22209 XBlock custom auth does not respect JWT Scopes
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...
CVE-2024-22209 XBlock custom auth does not respect JWT Scopes
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...
CVE-2024-22209 XBlock custom auth does not respect JWT Scopes
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...
PT-2024-19277 · Edx · Open Edx Platform
Name of the Vulnerable Software and Affected Versions: Open edX Platform versions prior to the version containing commit 019888f Description: The issue affects the Open edX Platform, a service-oriented platform for authoring and delivering online learning. A user with a JWT and limited scopes cou...
CVE-2023-23611
LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...
Authorization
LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...
CVE-2023-23611
The CVE-2023-23611 entry concerns the LTI Consumer XBlock for Open edX. Affected: LTI Consumer XBlock versions 7.0.0 and above, before 7.2.2. Issue: Missing Authorization allows any integrated LTI tool to post grades for any LTI XBlock by guessing the block location via the resource_link_id, comp...
CVE-2023-23611 xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation
LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...
Open edX platform cross-site scripting vulnerability
The Open edX platform is an open source course management system CMS. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A cross-site scripting vulnerability exists in versions of Open edX platform prior to 2018-07-18. The vulnerability...
Design/Logic Flaw
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem...
CVE-2017-18380
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name...
CVE-2017-18380
CVE-2017-18380 affects edx-platform (pre-2017-08-03). The issue allows an attacker to trigger password-reset emails where the reset link uses an attacker-controlled domain name, enabling potential phishing or credential harvesting vectors. Documented impact: ability to cause user-facing reset mes...
CVE-2016-10766
edx-platform before 2016-06-06 allows CSRF...
CVE-2016-10765
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address...
CVE-2016-10765
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address...
CVE-2016-10766
edx-platform before 2016-06-06 allows CSRF...