38 matches found
Submitty <= 20.04.01 - Open Redirect
Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-13121...
CVE-2020-12882
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow...
EUVD-2020-5163
Malware in sbrugna...
EUVD-2023-47613
Malicious code in bioql PyPI...
EUVD-2023-47612
Malicious code in bioql PyPI...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2020-13121
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
CVE-2023-43193
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
Cross site scripting
Submitty before v22.06.00 is vulnerable to Cross Site Scripting XSS. An attacker can create a malicious link in the forum that leads to XSS...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...
CVE-2023-43194
CVE-2023-43194 affects Submitty prior to v22.06.00. The issue is an Incorrect Access Control allowing an attacker to delete any forum post by modifying a request parameter. This is a parameter/tolicy validation flaw in the forum post handling. Impact is limited to unauthorized deletion of forum p...
Submitty Security Vulnerability
Submitty is an open source course management system . The system supports features such as course management, assignment submission, exams and grading systems. A security vulnerability exists in versions prior to Submitty v22.06.00, which stems from an access control error issue that allows an...
Submitty Security Vulnerability
Submitty is an open source course management system . The system supports features such as course management, assignment submission, exams and grading systems. A security vulnerability exists in versions prior to Submitty v22.06.00 that stems from the presence of a cross-site scripting XSS...
CVE-2023-43194
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter...