RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.
CVSS Score
9.0
EPSS Score
0.0
Published
2026-05-08
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1, allows remote attackers to execute arbitrary code via a crafted payload to the Markup Sandbox feature.
CVSS Score
6.0
EPSS Score
0.009
Published
2024-04-26
Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function.
CVSS Score
7.5
EPSS Score
0.047
Published
2024-04-26
Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.
CVSS Score
2.6
EPSS Score
0.002
Published
2024-04-22
An issue in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Page Sandbox feature.
CVSS Score
8.8
EPSS Score
0.017
Published
2024-04-22