Vendor
Submitty
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13121 | Med | 0.40 | 6.1 | 0.04 | May 16, 2020 | Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. | ||
| CVE-2020-12882 | Med | 0.38 | 5.4 | 0.01 | May 15, 2020 | Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. | ||
| CVE-2023-43194 | Med | 0.00 | 5.3 | 0.01 | Nov 2, 2023 | Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter. | ||
| CVE-2023-43193 | Med | 0.00 | 6.1 | 0.00 | Nov 2, 2023 | Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS. |
- risk 0.40cvss 6.1epss 0.04
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.
- risk 0.38cvss 5.4epss 0.01
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow.
- risk 0.00cvss 5.3epss 0.01
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter.
- risk 0.00cvss 6.1epss 0.00
Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.