3 matches found
CVE-2020-13144
CVE-2020-13144 affects Open edX Ironwood 2.5 Studio. When CodeJail is not enforced, an authenticated user can navigate to Create New course > New section > New subsection > New unit > Add new component > Problem > Advanced > Custom Python evaluated code, edit a problem and ex...
CVE-2020-13145
CVE-2020-13145 affects Open edX Studio (Ironwood 2.5). The vulnerability arises from allowing SVG file uploads via the Content > File Uploads screen, where uploaded SVGs can contain JavaScript and trigger Stored XSS. Multiple connected sources corroborate the same description, noting lack of p...
CVE-2020-13146
Open edX Ironwood 2.5 Studio is affected by a CSV injection vulnerability. The issue arises when an added cohort in Course > Instructor > Cohorts may contain a formula that is exported through Course > Data Downloads > Reports > Download profile info, allowing injection in exported...