Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-46147: XSS Issues in Xblock Input Fields

Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds.

CVE
Open in Source
#xss#vulnerability

Package

pip xblock-drag-and-drop-v2 (pip)

Affected versions

< 3.0.0

Patched versions

3.0.0

Description

Impact

XSS Vulnerability in multiple XBlock Fields. Any platform that has deployed the XBlock will be impacted.

Patches

Not yet. This

Workarounds

None.

References

#295 (comment)

Related news

GHSA-qv6c-367r-3w6q: XBlock vulnerable to Cross-Site Scripting (XSS)

### Impact XSS Vulnerability in multiple XBlock Fields. Any platform that has deployed the XBlock will be impacted. ### Patches https://github.com/openedx/xblock-drag-and-drop-v2/commit/53c4482f9bb6d8c7ccdf5253bd82c84a222b2492 The fix is compatible with all Open edX releases newer than Lilac. ### Workarounds None. ### References https://github.com/openedx/xblock-drag-and-drop-v2/pull/295#issuecomment-1277693864

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE