38 matches found
Submitty <= 20.04.01 - Open Redirect
Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-13121...
CVE-2020-12882
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow...
EUVD-2020-5163
Malware in sbrugna...
EUVD-2023-47612
Malicious code in bioql PyPI...
EUVD-2023-47613
Malicious code in bioql PyPI...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2020-13121
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
Cross site scripting
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2023-43194
CVE-2023-43194 affects Submitty prior to v22.06.00. The issue is an Incorrect Access Control allowing an attacker to delete any forum post by modifying a request parameter. This is a parameter/tolicy validation flaw in the forum post handling. Impact is limited to unauthorized deletion of forum p...
CVE-2023-43193
Submitty CVE-2023-43193 is a cross-site scripting (XSS) vulnerability affecting Submitty before v22.06.00. The issue allows an attacker to craft a malicious link in the forum that leads to XSS. The available documents confirm the vulnerability exists in the forum functionality and indicate the re...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
Submitty Security Vulnerability
Submitty is an open source course management system . The system supports features such as course management, assignment submission, exams and grading systems. A security vulnerability exists in versions prior to Submitty v22.06.00 that stems from the presence of a cross-site scripting XSS...