Sunbird-Ed/SunbirdEd-portal

GitHub

github.com

Releases2.02K

Frequency1 day 11 hours

Last Release 7 months ago

Stars40

Web Portal for sunbird software. Provides the web interfaces for all functionality of Sunbird. Find the installation instructions at: https://ed.sunbird.org/use-1/install-locally/sunbirded-portal

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-70027 ↗	Mar 11, 2026Wednesday, 11 March 2026, 15:16	7.5 HIGH	—
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information
CVE-2025-70028 ↗	Mar 9, 2026Monday, 9 March 2026, 21:16	7.5 HIGH	—
An issue pertaining to CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70030 ↗	Mar 9, 2026Monday, 9 March 2026, 20:16	7.5 HIGH	—
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70031 ↗	Mar 9, 2026Monday, 9 March 2026, 20:16	8.8 HIGH	—
An issue pertaining to CWE-352: Cross-Site Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70032 ↗	Mar 9, 2026Monday, 9 March 2026, 19:16	6.1 MEDIUM	—
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70033 ↗	Mar 9, 2026Monday, 9 March 2026, 18:16	5.4 MEDIUM	—
An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
CVE-2025-70029 ↗	Feb 11, 2026Wednesday, 11 February 2026, 18:16	7.5 HIGH	—
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options