Skip to main content

Open Edx Platform

3 CVEs product

Monthly

CVE-2020-13146 HIGH POC This Week

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Open Edx Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-13145 MEDIUM POC This Month

Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Edx Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-13144 HIGH POC THREAT This Week

Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Python Open Edx Platform
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.0%
EPSS 1% CVSS 8.8
HIGH POC This Week

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Open Edx Platform
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Edx Platform
NVD
EPSS 11% CVSS 8.8
HIGH POC THREAT This Week

Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Python +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy