CVE-2015-5601 — CVSS 8.8 (high): edx-platform before 2015-07-20 allows code execution by privileged users because the course import endpoint mishandles .tar.gz files.
CVE-2015-2186 — CVSS 7.5 (high): The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string…
CVE-2017-18380 — CVSS 7.5 (high): edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an…
CVE-2017-18381 — CVSS 7.2 (high): The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
CVE-2024-22209 — CVSS 6.4 (medium): Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes…
CVE-2021-39248 — CVSS 6.1 (medium): Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion.
CVE-2015-6671 — CVSS 5.9 (medium): Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for…