5 matches found
CVE-2026-8337
Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...
PT-2026-30739
Name of the Vulnerable Software and Affected Versions Open edX Platform affected versions not specified Description The Open edX Platform allows for the creation and delivery of online learning content. The view survey API endpoint is susceptible to an open redirect issue due to the lack of...
Open edX Platform 输入验证错误漏洞
The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform has a vulnerability related to input validation, where the redirecturl...
EUVD-2026-17084
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...
CVE-2026-3321
A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/EVENTID/TIMESTAMP/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This publicly exposed data may...