99 matches found
Code injection
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address...
Cross site request forgery (csrf)
edx-platform before 2016-06-06 allows CSRF...
CVE-2015-6960
edx-platform before 2015-09-17 allows XSS via a team name...
Cross site scripting
edx-platform before 2015-09-17 allows XSS via a team name...
Code injection
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files...
Design/Logic Flaw
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses...
CVE-2016-10766
edx-platform before 2016-06-06 allows CSRF...
CVE-2016-10766
CVE-2016-10766 affects edx-platform prior to 2016-06-06 and is a cross-site request forgery (CSRF) vulnerability. According to the sources, the issue is a CSRF flaw in edx-platform before the specified date. CVSSv3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, no p...
CVE-2016-10765
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address...
CVE-2015-6253
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses...
CVE-2015-6960
edx-platform before 2015-09-17 allows XSS via a team name...
Open edX edx-platform Information Disclosure Vulnerability
Open edX edx-platform is a free and open source course management system CMS created by Harvard University and the Massachusetts Institute of Technology Harvard and MIT. A security vulnerability exists in versions of Open edX edx-platform prior to 2015-08-25. An attacker could exploit the...
CVE-2015-6671
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup...
Information disclosure
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup...
CVE-2015-6671
Open edX edx-platform pre-2015-08-25 stores SAML SSO secrets in the database, enabling potential exposure of sensitive information via a database backup. The root cause is storage of SAML secrets in the database, which means that if a backup is accessed, context-dependent attackers may obtain sen...
Open edX edx-platform design vulnerability
Open edX edx-platform is a free and open source course management system CMS created by Harvard University and the Massachusetts Institute of Technology Harvard and MIT. The system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. Open edX...
CVE-2015-2286
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a...
CVE-2015-2286
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a...
CVE-2015-2286
CVE-2015-2286 concerns Open edX edx-platform. The vulnerability is in the template file lms/templates/footer-edx-new.html prior to 2015-01-29, where links on the password-reset page were not properly restricted. This allowed user-assisted remote attackers to discover password-reset tokens by read...