Edx
Products
6- 9 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5601 | Hig | 0.57 | 8.8 | 0.01 | Jul 29, 2019 | edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | ||
| CVE-2016-10766 | Hig | 0.50 | 8.8 | 0.01 | Jul 29, 2019 | edx-platform before 2016-06-06 allows CSRF. | ||
| CVE-2017-18380 | Hig | 0.49 | 7.5 | 0.01 | Jul 30, 2019 | edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name. | ||
| CVE-2015-2186 | Hig | 0.49 | 7.5 | 0.01 | Feb 3, 2018 | The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the… | ||
| CVE-2022-32195 | Med | 0.40 | 6.1 | 0.02 | Jun 9, 2022 | Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. | ||
| CVE-2015-6960 | Med | 0.40 | 6.1 | 0.01 | Jul 29, 2019 | edx-platform before 2015-09-17 allows XSS via a team name. | ||
| CVE-2015-6671 | Med | 0.38 | 5.9 | 0.01 | Mar 13, 2017 | Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. | ||
| CVE-2015-6253 | Med | 0.35 | 5.4 | 0.01 | Jul 29, 2019 | edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. | ||
| CVE-2015-2286 | Med | 0.35 | 6.5 | 0.02 | Mar 19, 2016 | lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this… | ||
| CVE-2016-10765 | Med | 0.28 | 5.3 | 0.01 | Jul 29, 2019 | edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. | ||
| CVE-2018-20859 | Med | 0.00 | 6.1 | 0.01 | Jul 30, 2019 | edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem. |
- risk 0.57cvss 8.8epss 0.01
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
- risk 0.50cvss 8.8epss 0.01
edx-platform before 2016-06-06 allows CSRF.
- risk 0.49cvss 7.5epss 0.01
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.
- risk 0.49cvss 7.5epss 0.01
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the…
- risk 0.40cvss 6.1epss 0.02
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.
- risk 0.40cvss 6.1epss 0.01
edx-platform before 2015-09-17 allows XSS via a team name.
- risk 0.38cvss 5.9epss 0.01
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.
- risk 0.35cvss 5.4epss 0.01
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.
- risk 0.35cvss 6.5epss 0.02
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this…
- risk 0.28cvss 5.3epss 0.01
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.
- risk 0.00cvss 6.1epss 0.01
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.