3 matches found
CVE-2026-35404
Open edX Platform is affected by CVE-2026-35404 due to an unvalidated redirect_url parameter in the view_survey endpoint. The parameter is passed directly to HttpResponseRedirect(), causing a 302 redirect when a non-existent survey name is requested. The same unvalidated URL is also returned in a...
CVE-2026-35404 Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter
Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...
CVE-2026-35404 Open edX Platform has an Open Redirect in Survey Views via Unvalidated redirect_url Parameter
Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...