3 matches found
CVE-2022-32195
Open edX platforms released before 2022-06-06 are vulnerable to a cross-site scripting (XSS) flaw via the next parameter in the logout URL. The issue is reflected XSS affecting the logout flow, enabling injected scripts to execute in users’ browsers on pages that read the next parameter. The CVSS...
CVE-2019-20513
Open edX Ironwood.1 is affected by a reflected XSS in the certificates flow, triggered by the parameter user in the URL (…?user=…). The issue arises from insufficient input validation in the web application, allowing an attacker-supplied payload to be reflected in the client context. Impact is sc...
CVE-2015-2286
CVE-2015-2286 concerns Open edX edx-platform. The vulnerability is in the template file lms/templates/footer-edx-new.html prior to 2015-01-29, where links on the password-reset page were not properly restricted. This allowed user-assisted remote attackers to discover password-reset tokens by read...