Lucene search
K
RcosSubmitty

4 matches found

CVE
CVE
added 2020/05/15 4:55 a.m.78 views

CVE-2020-12882

CVE-2020-12882 concerns Submitty up to version 20.04.01, where an SVG document upload in submissions enables cross-site scripting. The collected sources consistently describe an XSS vulnerability originating from insufficient validation of client-side data during SVG uploads, as demonstrated by a...

5.4CVSS5.2AI score0.01203EPSS
Web
CVE
CVE
added 2020/05/16 7:39 p.m.69 views

CVE-2020-13121

Submitty up to version 20.04.01 contains an open redirect vulnerability triggered by an invalid login attempt via authentication/login?old=. The issue can redirect users to a malicious site, with potential for phishing or credential harvesting. Technical details in connected documents show affect...

6.1CVSS6.3AI score0.03518EPSS
Web
CVE
CVE
added 2023/11/02 12:0 a.m.69 views

CVE-2023-43194

CVE-2023-43194 affects Submitty prior to v22.06.00. The issue is an Incorrect Access Control allowing an attacker to delete any forum post by modifying a request parameter. This is a parameter/tolicy validation flaw in the forum post handling. Impact is limited to unauthorized deletion of forum p...

5.3CVSS5.2AI score0.00505EPSS
CVE
CVE
added 2023/11/02 12:0 a.m.58 views

CVE-2023-43193

Submitty CVE-2023-43193 is a cross-site scripting (XSS) vulnerability affecting Submitty before v22.06.00. The issue allows an attacker to craft a malicious link in the forum that leads to XSS. The available documents confirm the vulnerability exists in the forum functionality and indicate the re...

6.1CVSS6AI score0.00469EPSS