Vulnerabilities > EDX > EDX Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-03 | CVE-2015-2186 | Improper Input Validation vulnerability in EDX Configuration and Edx-Platform The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. | 5.0 |
| 2017-03-13 | CVE-2015-6671 | Information Exposure vulnerability in EDX Edx-Platform Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. | 4.3 |