Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover password-reset tokens by reading a referer log after a victim navigates from this page to a social-sharing site.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open edX edx-platform 安全漏洞
Vulnerability Description
Open edX edx-platform是美国哈佛大学和麻省理工学院(Harvard和MIT)共同创建的一套免费且开源的课程管理系统(CMS)。该系统可用于MOOCs(大规模网络开放课程)以及较小的课程和培训模块。 Open edX edx-platform 2015-01-29之前版本的lms/templates/footer-edx-new.html文件中存在安全漏洞,该漏洞源于程序没有正确限制密码重置页面的链接。远程攻击者可通过在用户从该页面导航到social-sharing网站后读取参考日志,利
CVSS Information
N/A
Vulnerability Type
N/A