Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
edx vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2016-10765
edx-platform prior to 2016-06-10 allows account activation with a spoofed e-mail address.
Edx Edx-platform
6.1
CVSSv3
CVE-2015-6960
edx-platform prior to 2015-09-17 allows XSS via a team name.
Edx Edx-platform
5.9
CVSSv3
CVE-2015-6671
Open edX edx-platform prior to 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent malicious users to obtain sensitive information by leveraging access to a database backup.
Edx Edx-platform
7.2
CVSSv3
CVE-2017-18381
The installation process in Open edX prior to 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
Edx Edx-platform
1 Github repository
5.4
CVSSv3
CVE-2020-13145
Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS.
Edx Open Edx Platform 2.5
8.8
CVSSv3
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.
Edx Open Edx Platform 2.5
8.8
CVSSv3
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and e...
Edx Open Edx Platform 2.5
6.1
CVSSv3
CVE-2019-20513
Open edX Ironwood.1 allows support/certificates?user= reflected XSS.
Edx Open Edx 2019-03-15
6.1
CVSSv3
CVE-2018-20858
Recommender prior to 2018-07-18 allows XSS.
Edx Recommender
6.1
CVSSv3
CVE-2019-20512
Open edX Ironwood.1 allows support/certificates?course_id= reflected XSS.
Open.edx Ironwood .1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »