Edx Platform

edx-platform

Vendor: Edx • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-22209 1Edx 1Edx Platform Nov 21, 2024 Jan 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in...Show more Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.Show less
CVE-2021-39248 1Edx 1Edx Platform Nov 21, 2024 Aug 17, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion.
CVE-2018-20859 1Edx 1Edx Platform Nov 21, 2024 Jul 30, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.
CVE-2017-18381 1Edx 1Edx Platform Nov 21, 2024 Jul 30, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
CVE-2017-18380 1Edx 1Edx Platform Nov 21, 2024 Jul 30, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.
CVE-2016-10766 1Edx 1Edx Platform Nov 21, 2024 Jul 29, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 edx-platform before 2016-06-06 allows CSRF.
CVE-2016-10765 1Edx 1Edx Platform Nov 21, 2024 Jul 29, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.
CVE-2015-6960 1Edx 1Edx Platform Nov 21, 2024 Jul 29, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 edx-platform before 2015-09-17 allows XSS via a team name.
CVE-2015-6253 1Edx 1Edx Platform Nov 21, 2024 Jul 29, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.
CVE-2015-5601 1Edx 1Edx Platform Nov 21, 2024 Jul 29, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
CVE-2015-2186 1Edx 2Configuration Edx Platform Nov 21, 2024 Feb 3, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note...Show more The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed.Show less
CVE-2015-6671 1Edx 1Edx Platform May 13, 2026 Mar 13, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a databa...Show more Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.Show less