Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
EdxEdx-platform

8 matches found

CVE
CVEadded 2019/07/29 4:15 p.m.37 views

CVE-2015-6960

edx-platform before 2015-09-17 allows XSS via a team name.

6.1CVSS5.9AI score0.00359EPSS
CVE
CVEadded 2019/07/30 1:15 p.m.35 views

CVE-2017-18380

edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.

7.5CVSS7.4AI score0.00198EPSS
CVE
CVEadded 2019/07/30 7:15 p.m.35 views

CVE-2017-18381

The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.

7.2CVSS6.8AI score0.00451EPSS
CVE
CVEadded 2019/07/29 4:15 p.m.33 views

CVE-2015-6253

edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.

5.4CVSS5.2AI score0.00206EPSS
CVE
CVEadded 2019/07/30 7:15 p.m.33 views

CVE-2018-20859

edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.

6.1CVSS5.8AI score0.00301EPSS
CVE
CVEadded 2019/07/29 4:15 p.m.29 views

CVE-2015-5601

edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

8.8CVSS8.7AI score0.00946EPSS
CVE
CVEadded 2019/07/29 5:15 p.m.27 views

CVE-2016-10765

edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.

5.3CVSS5.3AI score0.00241EPSS
CVE
CVEadded 2019/07/29 5:15 p.m.27 views

CVE-2016-10766

edx-platform before 2016-06-06 allows CSRF.

8.8CVSS8.7AI score0.00167EPSS