VYPR
Vendor

Edx

Products
6
CVEs
11
Across products
12
Status
Private

Products

6

Recent CVEs

11
  • CVE-2015-5601HigJul 29, 2019
    risk 0.57cvss 8.8epss 0.01

    edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

  • CVE-2016-10766HigJul 29, 2019
    risk 0.50cvss 8.8epss 0.01

    edx-platform before 2016-06-06 allows CSRF.

  • CVE-2017-18380HigJul 30, 2019
    risk 0.49cvss 7.5epss 0.01

    edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.

  • CVE-2015-2186HigFeb 3, 2018
    risk 0.49cvss 7.5epss 0.01

    The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the…

  • CVE-2022-32195MedJun 9, 2022
    risk 0.40cvss 6.1epss 0.02

    Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.

  • CVE-2015-6960MedJul 29, 2019
    risk 0.40cvss 6.1epss 0.01

    edx-platform before 2015-09-17 allows XSS via a team name.

  • CVE-2015-6671MedMar 13, 2017
    risk 0.38cvss 5.9epss 0.01

    Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.

  • CVE-2015-6253MedJul 29, 2019
    risk 0.35cvss 5.4epss 0.01

    edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.

  • CVE-2015-2286MedMar 19, 2016
    risk 0.35cvss 6.5epss 0.02

    lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this…

  • CVE-2016-10765MedJul 29, 2019
    risk 0.28cvss 5.3epss 0.01

    edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.

  • CVE-2018-20859MedJul 30, 2019
    risk 0.00cvss 6.1epss 0.01

    edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.