Open Edx Security Vulnerabilities and Issues — Open Edx CVE List

Lucene search

EdxOpen Edx

3 matches found

cve•added 2022/06/09 4:15 a.m.•97 views

CVE-2022-32195

Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.

6.1CVSS5.9AI score0.0399EPSS

cve•added 2020/03/19 6:15 p.m.•38 views

CVE-2019-20513

Open edX Ironwood.1 allows support/certificates?user= reflected XSS.

6.1CVSS6.3AI score0.00169EPSS

cve•added 2016/03/19 10:59 a.m.•28 views

CVE-2015-2286

lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharin...

6.5CVSS6.4AI score0.00336EPSS