VYPR

Scoold

by Erudika

Source repositories

CVEs (5)

  • CVE-2026-39354MedApr 7, 2026
    risk 0.35cvss 6.5epss 0.00

    Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to…

  • CVE-2026-34832MedApr 2, 2026
    risk 0.35cvss 6.5epss 0.00

    Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST…

  • CVE-2024-50334Oct 29, 2024
    risk 0.01cvss epss 0.01

    Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data.…

  • CVE-2022-1543Apr 29, 2022
    risk 0.00cvss epss 0.01

    Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.

  • CVE-2021-46372Feb 18, 2022
    risk 0.00cvss epss 0.01

    Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to a XSS attack when using uppercase letters.