Edx Platform
by Edx
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6671 | | Med | 0.38 | 5.9 | 0.01 | | Mar 13, 2017 | Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. |
| CVE-2022-32195 | | | 0.00 | — | 0.02 | | Jun 9, 2022 | Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. |
| CVE-2018-20859 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. |
| CVE-2017-18380 | | | 0.00 | — | 0.01 | | Jul 30, 2019 | edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. |
| CVE-2016-10766 | | | 0.00 | — | 0.01 | | Jul 29, 2019 | edx-platform before 2016-06-06 allows CSRF. |
| CVE-2016-10765 | | | 0.00 | — | 0.01 | | Jul 29, 2019 | edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. |
| CVE-2015-5601 | | | 0.00 | — | 0.01 | | Jul 29, 2019 | edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. |
| CVE-2015-6253 | | | 0.00 | — | 0.01 | | Jul 29, 2019 | edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. |
| CVE-2015-6960 | | | 0.00 | — | 0.01 | | Jul 29, 2019 | edx-platform before 2015-09-17 allows XSS via a team name. |