edx-platform before 2018-07-18 allows XSS via a response to a Chemical Equation advanced problem.
References
Link | Resource |
---|---|
https://github.com/edx/edx-platform/commit/5b144559fbdba7ff673cc1c165aa2d343e07b6bd.patch | Patch Third Party Advisory |
https://groups.google.com/forum/#%21topic/openedx-announce/wsm5mtUhhME | |
https://patch-diff.githubusercontent.com/raw/edx/edx-platform/pull/18639.patch | Patch Third Party Advisory |
Configurations
History
07 Nov 2023, 02:56
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-07-30 19:15
Updated : 2024-02-28 17:08
NVD link : CVE-2018-20859
Mitre link : CVE-2018-20859
CVE.ORG link : CVE-2018-20859
JSON object : View
Products Affected
edx
- edx-platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')