cvedb.io
CVE-2026-35404
MEDIUM · CVSS 4.7
EPSS exploitation probability: 0%
Published 2026-04-06T22:16:21.360 · Last modified 2026-06-17T10:40:32.283

Summary

Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the attacker-controlled URL. Additionally, the same unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript performs location.href = url. This enables phishing and credential theft attacks against authenticated Open edX users. This vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970.

Affected products

openedx — openedx

Does this affect you?

Add your gear to cvedb and we'll alert you only when openedx ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.