Vendor
Open EdX Platform
Products
1
CVEs
5
Across products
5
Status
Private
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5601 | Hig | 0.57 | 8.8 | 0.01 | Jul 29, 2019 | edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files. | ||
| CVE-2015-6960 | Med | 0.40 | 6.1 | 0.01 | Jul 29, 2019 | edx-platform before 2015-09-17 allows XSS via a team name. | ||
| CVE-2015-6253 | Med | 0.35 | 5.4 | 0.01 | Jul 29, 2019 | edx-platform before 2015-08-17 allows XSS in the Studio listing of courses. | ||
| CVE-2016-10765 | Med | 0.28 | 5.3 | 0.01 | Jul 29, 2019 | edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. | ||
| CVE-2024-22209 | Med | 0.00 | 6.4 | 0.01 | Jan 13, 2024 | Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f. |
- risk 0.57cvss 8.8epss 0.01
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
- risk 0.40cvss 6.1epss 0.01
edx-platform before 2015-09-17 allows XSS via a team name.
- risk 0.35cvss 5.4epss 0.01
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.
- risk 0.28cvss 5.3epss 0.01
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.
- risk 0.00cvss 6.4epss 0.01
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.