Lucene search
K
EdxEdx-platform

12 matches found

CVE
CVE
added 2024/01/13 7:40 a.m.94 views

CVE-2024-22209

Open edX Platform suffers an access-control vulnerability where a user with a JWT and limited scopes could call endpoints beyond their authorization. The issue concerns the XBlock custom auth not respecting JWT scopes, enabling elevation of privileges for certain API endpoints. Red Hat, NVD, and ...

8.8CVSS8.6AI score0.00574EPSS
CVE
CVE
added 2019/07/30 12:30 p.m.52 views

CVE-2017-18380

CVE-2017-18380 affects edx-platform (pre-2017-08-03). The issue allows an attacker to trigger password-reset emails where the reset link uses an attacker-controlled domain name, enabling potential phishing or credential harvesting vectors. Documented impact: ability to cause user-facing reset mes...

7.5CVSS7.4AI score0.01079EPSS
CVE
CVE
added 2019/07/29 3:30 p.m.49 views

CVE-2015-6960

CVE-2015-6960 affects edx-platform prior to 2015-09-17 and allows cross-site scripting via a team name. The connected records corroborate this XSS vulnerability; however, the provided documents do not specify affected versions beyond the date, root cause details, exploit steps, or remediation/pat...

6.1CVSS5.9AI score0.00641EPSS
CVE
CVE
added 2019/07/30 6:38 p.m.49 views

CVE-2017-18381

CVE-2017-18381 concerns Open edX installations prior to 2017-01-10, where the installation process exposed a MongoDB instance to external connections using default credentials. This creates a risk of unauthorized access to the database. The connected Red Hat and other vulnerability records corrob...

7.2CVSS6.8AI score0.01165EPSS
CVE
CVE
added 2019/07/30 6:46 p.m.47 views

CVE-2018-20859

CVE-2018-20859 affects the Open edX platform (edx-platform). It describes an XSS vulnerability: edx-platform before 2018-07-18 allows executing client-side code via a response to a Chemical Equation advanced problem. The root cause is lack of proper validation of client data in the web applicatio...

6.1CVSS5.8AI score0.01202EPSS
CVE
CVE
added 2019/07/29 3:36 p.m.45 views

CVE-2015-6253

CVE-2015-6253 affects edx-platform prior to 2015-08-17 and enables Cross-Site Scripting in the Studio listing of courses. Exploitation details are not provided in the connected documents, and no remediation steps are specified here.

5.4CVSS5.2AI score0.0053EPSS
CVE
CVE
added 2021/08/17 8:33 p.m.45 views

CVE-2021-39248

Open edX Open edX platform (Lilac.1) is affected by a cross-site scripting (XSS) vulnerability in common/static/common/js/discussion/utils.js triggered by crafted LaTeX content within a discussion. Root cause is improper handling/validation of LaTeX content in discussion posts, allowing injected ...

6.1CVSS5.9AI score0.00581EPSS
CVE
CVE
added 2019/07/29 3:41 p.m.44 views

CVE-2015-5601

CVE-2015-5601 affects edx-platform prior to 2015-07-20. A vulnerable endpoint (course import) mishandles .tar.gz files, allowing code execution by privileged users. Documents provide CVSS details (2.0/6.5; 3.0/8.8) indicating impact on confidentiality, integrity, and availability (all high/partia...

8.8CVSS8.7AI score0.0149EPSS
CVE
CVE
added 2017/03/13 7:12 a.m.42 views

CVE-2015-6671

Open edX edx-platform pre-2015-08-25 stores SAML SSO secrets in the database, enabling potential exposure of sensitive information via a database backup. The root cause is storage of SAML secrets in the database, which means that if a backup is accessed, context-dependent attackers may obtain sen...

5.9CVSS5.4AI score0.0089EPSS
CVE
CVE
added 2019/07/29 4:10 p.m.41 views

CVE-2016-10765

CVE-2016-10765 affects edx-platform prior to 2016-06-10. The issue permits account activation using a spoofed email address, enabling potential unauthorized activation of user accounts. The provided documents do not specify exploitable vectors, affected versions beyond the date, or remediation/wo...

5.3CVSS5.3AI score0.0076EPSS
CVE
CVE
added 2018/02/03 12:0 a.m.40 views

CVE-2015-2186

The CVE-2015-2186 entry concerns the Ansible edxapp role in the edX Configuration Repo. The vulnerability arises from using the string literal "False" instead of a boolean False for CORS_ORIGIN_ALLOW_ALL, enabling remote sites to spoof edX accounts. The issue affected the edX configuration but wa...

7.5CVSS7.4AI score0.01131EPSS
CVE
CVE
added 2019/07/29 4:12 p.m.40 views

CVE-2016-10766

CVE-2016-10766 affects edx-platform prior to 2016-06-06 and is a cross-site request forgery (CSRF) vulnerability. According to the sources, the issue is a CSRF flaw in edx-platform before the specified date. CVSSv3.1 base score is 8.8 (HIGH) with NETWORK attack vector, LOW attack complexity, no p...

8.8CVSS8.7AI score0.00604EPSS