VYPR

Openedx Platform

by Openedx

CVEs (10)

  • CVE-2025-68270 | Critical | Dec 16, 2025
    risk 0.64 | cvss 9.9 | epss 0.00

    The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and…

  • CVE-2026-42858 | High | May 11, 2026
    risk 0.48 | cvss 8.5 | epss 0.00

    Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed…

  • CVE-2015-6671 | Medium | Mar 13, 2017
    risk 0.38 | cvss 5.9 | epss 0.01

    Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.

  • CVE-2026-34736 | Medium | Apr 2, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens…

  • CVE-2025-47942 | Medium | May 21, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    The Open edX Platform is a learning management platform. Prior to commit 6740e75c0fdc7ba095baf88e9f5e4f3e15cfd8ba, edxapp has no built-in protection against downloading the python_lib.zip asset from courses, which is a concern since it often contains custom grading code or…

  • CVE-2024-41806 | Medium | Jul 25, 2024
    risk 0.27 | cvss 5.3 | epss 0.00

    The Open edX Platform is a learning management platform. Instructors can upload CSV files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the Django default storage. With certain storage backends, uploads may become…

  • CVE-2026-42857 | Medium | May 11, 2026
    risk 0.23 | cvss 4.6 | epss 0.00

    Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with…

  • CVE-2024-22209 | Jan 13, 2024
    risk 0.00 | cvss | epss 0.01

    Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.

  • CVE-2022-32195 | Jun 9, 2022
    risk 0.00 | cvss | epss 0.02

    Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.

  • CVE-2021-39248 | Aug 17, 2021
    risk 0.00 | cvss | epss 0.01

    Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion.