27 matches found
CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contai...
CVE-2022-46147
CVE-2022-46147 concerns the Drag and Drop XBlock v2 used with Open edX. The vulnerability is an XSS issue in multiple XBlock Fields that affects versions prior to 3.0.0. The 3.0.0 release contains a patch to address the issue. There are no explicit exploit details or known workarounds reported in...
Drag and Drop XBlock v2 跨站脚本漏洞
Drag and Drop XBlock v2 is an Open edX open source SDK package for online education sites. Implements a drag and drop problem where the learner must drag items to areas on the target image. A cross-site scripting vulnerability exists in Drag and Drop XBlock v2 versions prior to 3.0.0. An attacker...
CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contai...
PT-2022-27763 · Unknown · Drag/Drop Xblock
Name of the Vulnerable Software and Affected Versions: Drag and Drop XBlock v2 versions prior to 3.0.0 Description: The issue affects the Drag and Drop XBlock v2, which implements a drag-and-drop style problem. It is vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that...
CVE-2022-46147 Drag and Drop XBlock v2 has XSS Issues in Xblock Input Fields
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contai...
GHSA-3J5X-7CCF-PPGM Cross-site scripting in recommender-xblock
Recommender before 1.3.1 allows XSS. It is possible for a learner to craft a fake resource to recommender, that includes script which could possibly steal credentials from staff if they are lured into viewing the recommended resource...