Lucene search

Instructure Security Vulnerabilities

cve

CVE-2021-36539

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL...

6.5CVSS

6.4AI Score

0.001EPSS

2023-01-26 09:15 PM

cve

CVE-2021-25006

The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting...

6.1CVSS

6AI Score

0.001EPSS

2022-03-14 03:15 PM

cve

CVE-2021-25007

The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL...

9.8CVSS

9.7AI Score

0.002EPSS

2022-03-14 03:15 PM

cve

CVE-2020-5775

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary...

5.8CVSS

5.7AI Score

0.002EPSS

2020-08-21 06:15 PM