Lucene search
+L

99 matches found

prion
prion
added 2019/07/29 5:15 p.m.17 views

Code injection

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address...

5CVSS7.1AI score0.0076EPSS
Exploits0References1Affected Software1
prion
prion
added 2019/07/29 5:15 p.m.14 views

Cross site request forgery (csrf)

edx-platform before 2016-06-06 allows CSRF...

6.8CVSS7.1AI score0.00604EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2019/07/29 4:15 p.m.15 views

CVE-2015-6960

edx-platform before 2015-09-17 allows XSS via a team name...

6.1CVSS6AI score0.00641EPSS
Exploits0References1
prion
prion
added 2019/07/29 4:15 p.m.16 views

Cross site scripting

edx-platform before 2015-09-17 allows XSS via a team name...

4.3CVSS5.9AI score0.00641EPSS
Exploits0References1Affected Software1
prion
prion
added 2019/07/29 4:15 p.m.11 views

Code injection

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...

6.5CVSS7.7AI score0.0149EPSS
Exploits0References1Affected Software1
prion
prion
added 2019/07/29 4:15 p.m.16 views

Design/Logic Flaw

edx-platform before 2015-08-17 allows XSS in the Studio listing of courses...

3.5CVSS6.2AI score0.0053EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2019/07/29 4:12 p.m.17 views

CVE-2016-10766

edx-platform before 2016-06-06 allows CSRF...

8.7AI score0.00604EPSS
Exploits0References2
cve
cve
added 2019/07/29 4:12 p.m.41 views

CVE-2016-10766

CVE-2016-10766 affects edx-platform prior to 2016-06-06 and is a cross-site request forgery (CSRF) vulnerability. According to the sources, the issue is a CSRF flaw in edx-platform before the specified date. CVSSv3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, no p...

8.8CVSS8.7AI score0.00604EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2019/07/29 4:10 p.m.21 views

CVE-2016-10765

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address...

5.4AI score0.0076EPSS
Exploits0References1
cvelist
cvelist
added 2019/07/29 3:36 p.m.16 views

CVE-2015-6253

edx-platform before 2015-08-17 allows XSS in the Studio listing of courses...

5.3AI score0.0053EPSS
Exploits0References2
cvelist
cvelist
added 2019/07/29 3:30 p.m.17 views

CVE-2015-6960

edx-platform before 2015-09-17 allows XSS via a team name...

6AI score0.00641EPSS
Exploits0References1
cnvd
cnvd
added 2017/03/14 12:0 a.m.6 views

Open edX edx-platform Information Disclosure Vulnerability

Open edX edx-platform is a free and open source course management system CMS created by Harvard University and the Massachusetts Institute of Technology Harvard and MIT. A security vulnerability exists in versions of Open edX edx-platform prior to 2015-08-25. An attacker could exploit the...

5.9CVSS6.4AI score0.0089EPSS
Exploits0References1
nvd
nvd
added 2017/03/13 7:59 a.m.12 views

CVE-2015-6671

Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup...

5.9CVSS5.5AI score0.0089EPSS
Exploits0References2
prion
prion
added 2017/03/13 7:59 a.m.11 views

Information disclosure

Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup...

4.3CVSS6.5AI score0.0089EPSS
Exploits0References2Affected Software1
cve
cve
added 2017/03/13 7:12 a.m.42 views

CVE-2015-6671

Open edX edx-platform pre-2015-08-25 stores SAML SSO secrets in the database, enabling potential exposure of sensitive information via a database backup. The root cause is storage of SAML secrets in the database, which means that if a backup is accessed, context-dependent attackers may obtain sen...

5.9CVSS5.4AI score0.0089EPSS
Exploits0References2Affected Software1
cnvd
cnvd
added 2016/03/21 12:0 a.m.5 views

Open edX edx-platform design vulnerability

Open edX edx-platform is a free and open source course management system CMS created by Harvard University and the Massachusetts Institute of Technology Harvard and MIT. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. Open edX...

6.5CVSS7AI score0.02047EPSS
Exploits0References1
nvd
nvd
added 2016/03/19 10:59 a.m.17 views

CVE-2015-2286

lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a...

6.5CVSS6.5AI score0.02047EPSS
Exploits0References2
cvelist
cvelist
added 2016/03/19 10:0 a.m.20 views

CVE-2015-2286

lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a...

6.4AI score0.02047EPSS
Exploits0References2
cve
cve
added 2016/03/19 10:0 a.m.38 views

CVE-2015-2286

CVE-2015-2286 concerns Open edX edx-platform. The vulnerability is in the template file lms/templates/footer-edx-new.html prior to 2015-01-29, where links on the password-reset page were not properly restricted. This allowed user-assisted remote attackers to discover password-reset tokens by read...

6.5CVSS6.4AI score0.02047EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder