4 matches found
CVE-2020-12882
CVE-2020-12882 concerns Submitty up to version 20.04.01, where an SVG document upload in submissions enables cross-site scripting. The collected sources consistently describe an XSS vulnerability originating from insufficient validation of client-side data during SVG uploads, as demonstrated by a...
CVE-2020-13121
Submitty up to version 20.04.01 contains an open redirect vulnerability triggered by an invalid login attempt via authentication/login?old=. The issue can redirect users to a malicious site, with potential for phishing or credential harvesting. Technical details in connected documents show affect...
CVE-2023-43194
CVE-2023-43194 affects Submitty prior to v22.06.00. The issue is an Incorrect Access Control allowing an attacker to delete any forum post by modifying a request parameter. This is a parameter/tolicy validation flaw in the forum post handling. Impact is limited to unauthorized deletion of forum p...
CVE-2023-43193
Submitty CVE-2023-43193 is a cross-site scripting (XSS) vulnerability affecting Submitty before v22.06.00. The issue allows an attacker to craft a malicious link in the forum that leads to XSS. The available documents confirm the vulnerability exists in the forum functionality and indicate the re...