Vulnerabilities for 'Edx-platform'

2019-07-30
 
CVE-2018-20859

CWE-20
 

 
edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.

 
 
CVE-2017-18381

CWE-254
 

 
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.

 
 
CVE-2017-18380

CWE-284
 

 
edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.

 
2019-07-29
 
CVE-2016-10766

CWE-352
 

 
edx-platform before 2016-06-06 allows CSRF.

 
 
CVE-2016-10765

CWE-20
 

 
edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address.

 
 
CVE-2015-6960

CWE-79
 

 
edx-platform before 2015-09-17 allows XSS via a team name.

 
 
CVE-2015-6253

CWE-79
 

 
edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.

 
 
CVE-2015-5601

CWE-434
 

 
edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.

 

Vendor: Open.edx (2 products: Edx-platform, Ironwood)


Copyright 2024, cxsecurity.com

 
