VYPR

Edx Platform

by Edx

Source repositories

CVEs (9)

  • CVE-2015-6671MedMar 13, 2017
    risk 0.38cvss 5.9epss 0.01

    Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.

  • CVE-2022-32195Jun 9, 2022
    risk 0.00cvss epss 0.02

    Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.

  • CVE-2018-20859Jul 30, 2019
    risk 0.00cvss epss 0.01

    edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.

  • CVE-2017-18380Jul 30, 2019
    risk 0.00cvss epss 0.01

    edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.

  • CVE-2016-10766Jul 29, 2019
    risk 0.00cvss epss 0.01

    edx-platform before 2016-06-06 allows CSRF.

  • CVE-2016-10765Jul 29, 2019
    risk 0.00cvss epss 0.01

    edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.

  • CVE-2015-5601Jul 29, 2019
    risk 0.00cvss epss 0.01

    edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

  • CVE-2015-6253Jul 29, 2019
    risk 0.00cvss epss 0.01

    edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.

  • CVE-2015-6960Jul 29, 2019
    risk 0.00cvss epss 0.01

    edx-platform before 2015-09-17 allows XSS via a team name.