Every CVE whose affected-product data names Edx Open Edx Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2020-13144 — CVSS 8.8 (high): Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New…
CVE-2020-13146 — CVSS 8.8 (high): Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is…
CVE-2020-13145 — CVSS 5.4 (medium): Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript…