CVE-2022-32195
Open edX platforms released before 2022-06-06 are vulnerable to a cross-site scripting (XSS) flaw via the next parameter in the logout URL. The issue is reflected XSS affecting the logout flow, enabling injected scripts to execute in users’ browsers on pages that read the next parameter. The CVSS...