Rcos: >> Submitty Security Vulnerabilities
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-11-02
Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-11-02
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.
CVSS Score
6.1
EPSS Score
0.152
Published
2020-05-16
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-05-15