Attacker Value
Unknown

CVE-2016-10766

Disclosure Date: July 29, 2019 (last updated November 27, 2024)
edx-platform before 2016-06-06 allows CSRF.
Attacker Value
Unknown

CVE-2015-6960

Disclosure Date: July 29, 2019 (last updated November 27, 2024)
edx-platform before 2015-09-17 allows XSS via a team name.
Attacker Value
Unknown

CVE-2015-6253

Disclosure Date: July 29, 2019 (last updated November 27, 2024)
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.
Attacker Value
Unknown

CVE-2015-5601

Disclosure Date: July 29, 2019 (last updated November 27, 2024)
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
Attacker Value
Unknown

CVE-2015-2186

Disclosure Date: February 03, 2018 (last updated November 26, 2024)
The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed.
Attacker Value
Unknown

CVE-2015-6671

Disclosure Date: March 13, 2017 (last updated November 26, 2024)
Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup.