Lucene search
+L

99 matches found

Cvelist
Cvelist
added 2024/07/25 2:34 p.m.20 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS0.00331EPSS
Exploits0References2
OSV
OSV
added 2024/07/25 2:34 p.m.12 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.5 views

Open edX Platform 安全漏洞

Open edX Platform is an open source course management system CMS from Open edX Open Source. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A security vulnerability exists in Open edX Platform that stems from the fact that for certain...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.9 views

PT-2024-5257 · Amazon · Aws S3

Name of the Vulnerable Software and Affected Versions: Open edX Platform versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper Description: The issue is related to inadequate access control in the Open edX Platform, specifically with the AWS S3 Bucket Handler component. This may all...

5.3CVSS7AI score0.00331EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/01/13 7:40 a.m.32 views

CVE-2024-22209 XBlock custom auth does not respect JWT Scopes

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...

6.4CVSS8.8AI score0.00574EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/01/13 7:40 a.m.14 views

CVE-2024-22209 XBlock custom auth does not respect JWT Scopes

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...

6.4CVSS8.7AI score0.00574EPSS
Exploits1References3
OSV
OSV
added 2024/01/13 7:40 a.m.26 views

CVE-2024-22209 XBlock custom auth does not respect JWT Scopes

Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f...

6.4CVSS8.3AI score0.00574EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/13 12:0 a.m.10 views

PT-2024-19277 · Edx · Open Edx Platform

Name of the Vulnerable Software and Affected Versions: Open edX Platform versions prior to the version containing commit 019888f Description: The issue affects the Open edX Platform, a service-oriented platform for authoring and delivering online learning. A user with a JWT and limited scopes cou...

8.8CVSS8.5AI score0.00574EPSS
Exploits1References6
NVD
NVD
added 2023/01/26 9:18 p.m.63 views

CVE-2023-23611

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.4CVSS5.5AI score0.00384EPSS
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.25 views

Authorization

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.5CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/25 5:39 a.m.138 views

CVE-2023-23611

The CVE-2023-23611 entry concerns the LTI Consumer XBlock for Open edX. Affected: LTI Consumer XBlock versions 7.0.0 and above, before 7.2.2. Issue: Missing Authorization allows any integrated LTI tool to post grades for any LTI XBlock by guessing the block location via the resource_link_id, comp...

5.4CVSS5.4AI score0.00384EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/25 5:39 a.m.7 views

CVE-2023-23611 xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.4CVSS5.8AI score0.00384EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/31 12:0 a.m.4 views

Open edX platform cross-site scripting vulnerability

The Open edX platform is an open source course management system CMS. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. A cross-site scripting vulnerability exists in versions of Open edX platform prior to 2018-07-18. The vulnerability...

6.1CVSS6.4AI score0.01202EPSS
Exploits0References1
Prion
Prion
added 2019/07/30 7:15 p.m.11 views

Design/Logic Flaw

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem...

4.3CVSS5.9AI score0.01202EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/07/30 1:15 p.m.26 views

CVE-2017-18380

edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name...

7.5CVSS7.5AI score0.01079EPSS
Exploits0References2
CVE
CVE
added 2019/07/30 12:30 p.m.52 views

CVE-2017-18380

CVE-2017-18380 affects edx-platform (pre-2017-08-03). The issue allows an attacker to trigger password-reset emails where the reset link uses an attacker-controlled domain name, enabling potential phishing or credential harvesting vectors. Documented impact: ability to cause user-facing reset mes...

7.5CVSS7.4AI score0.01079EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/07/29 5:15 p.m.16 views

CVE-2016-10766

edx-platform before 2016-06-06 allows CSRF...

8.8CVSS8.7AI score0.00604EPSS
Exploits0References2
NVD
NVD
added 2019/07/29 5:15 p.m.18 views

CVE-2016-10765

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address...

5.3CVSS5.3AI score0.0076EPSS
Exploits0References1
OSV
OSV
added 2019/07/29 5:15 p.m.15 views

CVE-2016-10765

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address...

5.3CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2019/07/29 5:15 p.m.14 views

CVE-2016-10766

edx-platform before 2016-06-06 allows CSRF...

8.8CVSS6.9AI score
Exploits0References2
Rows per page
Query Builder