Vulnerabilities (CVE)

Filtered by vendor Edx Subscribe
Filtered by product Edx-platform
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-22209 1 Edx 1 Edx-platform 2024-02-05 N/A 8.8 HIGH
Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.
CVE-2021-39248 1 Edx 1 Edx-platform 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion.
CVE-2016-10765 1 Edx 1 Edx-platform 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.
CVE-2015-6960 1 Edx 1 Edx-platform 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
edx-platform before 2015-09-17 allows XSS via a team name.
CVE-2015-5601 1 Edx 1 Edx-platform 2024-02-04 6.5 MEDIUM 8.8 HIGH
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
CVE-2017-18380 1 Edx 1 Edx-platform 2024-02-04 5.0 MEDIUM 7.5 HIGH
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.
CVE-2017-18381 1 Edx 1 Edx-platform 2024-02-04 6.5 MEDIUM 7.2 HIGH
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
CVE-2018-20859 1 Edx 1 Edx-platform 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.
CVE-2016-10766 1 Edx 1 Edx-platform 2024-02-04 6.8 MEDIUM 8.8 HIGH
edx-platform before 2016-06-06 allows CSRF.
CVE-2015-6253 1 Edx 1 Edx-platform 2024-02-04 3.5 LOW 5.4 MEDIUM
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.
CVE-2015-2186 1 Edx 2 Configuration, Edx-platform 2024-02-04 5.0 MEDIUM 7.5 HIGH
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed.
CVE-2015-6671 1 Edx 1 Edx-platform 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.