Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
edx edx-platform vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2015-6671
Open edX edx-platform prior to 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent malicious users to obtain sensitive information by leveraging access to a database backup.
Edx Edx-platform
7.5
CVSSv3
CVE-2015-2186
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but ...
Edx Edx-platform
Edx Configuration
8.8
CVSSv3
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and e...
Edx Open Edx Platform 2.5
5.4
CVSSv3
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.
Edx Open Edx Platform 2.5
8.8
CVSSv3
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.
Edx Open Edx Platform 2.5
6.1
CVSSv3
CVE-2022-32195
Open edX platform prior to 2022-06-06 allows XSS via the "next" parameter in the logout URL.
Edx Open Edx
6.5
CVSSv3
CVE-2015-2286
lms/templates/footer-edx-new.html in Open edX edx-platform prior to 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote malicious users to discover password-reset tokens by reading a referer log after a victim navigates from t...
Edx Open Edx
5.4
CVSSv3
CVE-2023-23611
LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, before 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can pos...
Openedx Xblock-lti-consumer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2