Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
edx vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature.
Edx Open Edx Platform 2.5
605
VMScore
CVE-2016-10766
edx-platform prior to 2016-06-06 allows CSRF.
Edx Edx-platform
578
VMScore
CVE-2020-13144
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and e...
Edx Open Edx Platform 2.5
578
VMScore
CVE-2017-18381
The installation process in Open edX prior to 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
Edx Edx-platform
1 Github repository
578
VMScore
CVE-2015-5601
edx-platform prior to 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
Edx Edx-platform
445
VMScore
CVE-2017-18380
edx-platform prior to 2017-08-03 allows malicious users to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.
Edx Edx-platform
445
VMScore
CVE-2016-10765
edx-platform prior to 2016-06-10 allows account activation with a spoofed e-mail address.
Edx Edx-platform
445
VMScore
CVE-2015-2186
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but ...
Edx Edx-platform
Edx Configuration
383
VMScore
CVE-2022-32195
Open edX platform prior to 2022-06-06 allows XSS via the "next" parameter in the logout URL.
Edx Open Edx
383
VMScore
CVE-2021-39248
Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion.
Edx Edx-platform -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »