Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open edx vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-2286
lms/templates/footer-edx-new.html in Open edX edx-platform prior to 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote malicious users to discover password-reset tokens by reading a referer log after a victim navigates from t...
Edx Open Edx
4.3
CVSSv2
CVE-2022-32195
Open edX platform prior to 2022-06-06 allows XSS via the "next" parameter in the logout URL.
Edx Open Edx
6.5
CVSSv2
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and e...
Edx Open Edx Platform 2.5
3.5
CVSSv2
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.
Edx Open Edx Platform 2.5
6.8
CVSSv2
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.
Edx Open Edx Platform 2.5
4.3
CVSSv2
CVE-2019-20513
Open edX Ironwood.1 allows support/certificates?user= reflected XSS.
Edx Open Edx 2019-03-15
6.5
CVSSv2
CVE-2017-18381
The installation process in Open edX prior to 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
Edx Edx-platform
1 Github repository
4.3
CVSSv2
CVE-2021-39248
Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion.
Edx Edx-platform -
NA
CVE-2024-22209
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
Edx Edx-platform
4.3
CVSSv2
CVE-2015-6671
Open edX edx-platform prior to 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent malicious users to obtain sensitive information by leveraging access to a database backup.
Edx Edx-platform
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »