CVE-2022-46147

CVSS V2 None CVSS V3 None
Description
Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contains a patch for this issue. There are no known workarounds.
Overview
  • CVE ID
  • CVE-2022-46147
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-28T21:15:10.797
  • Last Modified Date
  • 2022-12-01T23:07:20.930
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:openedx:xblock-drag-and-drop-v2:*:*:*:*:*:*:*:* 1 OR 3.0.0
History
Created Old Value New Value Data Type Notes
2022-12-07 18:05:22 Added to TrackCVE