edx edx-platform - vulnerabilities and exploits

(subscribe to this query)

6.5

CVSSv2

edx-platform prior to 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

Edx Edx-platform

4.3

CVSSv2

edx-platform prior to 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.

Edx Edx-platform

6.5

CVSSv2

The installation process in Open edX prior to 2017-01-10 exposes a MongoDB instance to external connections with default credentials.

Edx Edx-platform

1 Github repository

3.5

CVSSv2

edx-platform prior to 2015-08-17 allows XSS in the Studio listing of courses.

Edx Edx-platform

4.3

CVSSv2

Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion.

Edx Edx-platform -

4.3

CVSSv2

edx-platform prior to 2015-09-17 allows XSS via a team name.

Edx Edx-platform

4.3

CVSSv2

Open edX edx-platform prior to 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent malicious users to obtain sensitive information by leveraging access to a database backup.

Edx Edx-platform

5

CVSSv2

edx-platform prior to 2017-08-03 allows malicious users to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.

Edx Edx-platform

5

CVSSv2

edx-platform prior to 2016-06-10 allows account activation with a spoofed e-mail address.

Edx Edx-platform

6.8

CVSSv2

edx-platform prior to 2016-06-06 allows CSRF.

Edx Edx-platform

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook