CVE-2026-42857
- EPSS 0.21%
- Published 11.05.2026 18:16:36
- Last modified 13.05.2026 16:16:48
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove <style> tags from user-generated discussion post content. This c...
CVE-2026-42858
- EPSS 0.37%
- Published 11.05.2026 18:16:36
- Last modified 13.05.2026 14:53:35
Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST paramete...
CVE-2026-35404
- EPSS 0.22%
- Published 06.04.2026 21:22:29
- Last modified 11.05.2026 18:16:32
Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent surv...
CVE-2024-43782
- EPSS 0.51%
- Published 23.08.2024 15:15:16
- Last modified 12.09.2024 18:29:50
This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-pl...