PT-2021-22493 · Open edX
Published 2021-08-17 · Updated 2021-08-25
CVE-2021-39248
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Open edX releases up to and including Lilac.1
Description
The discussion (forum) front end in common/static/common/js/discussion/utils.js supports LaTeX/math markup in posts. User-supplied LaTeX content is not handled safely before it is rendered into the page, so a crafted post can cause arbitrary HTML and JavaScript to be inserted into the document. Because the payload is stored in the discussion post, any user who opens the thread triggers it in their own browser, which matches the CVSS vector (network-reachable, no privileges required, user interaction limited to viewing the post, scope changed). The result is stored cross-site scripting: session tokens, page content and actions available to the victim can be read or performed by the attacker-controlled script.
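To make the bug class concrete, the following JavaScript is an added example written for this page; it is not Open edX's utils.js and does not reproduce the project's actual logic. It models a renderer that splits a post on $$ delimiters, escapes the prose, but trusts the math segment "because it is only LaTeX" and copies it into the HTML verbatim, beside a hardened variant that escapes every segment. The function names, the <span class="math"> wrapper and the sample post are assumptions made for the example.

```javascript
// Illustrative model of a discussion-post renderer that hands $$...$$ math
// segments to a client-side math engine and everything else to a plain
// text-to-HTML step. NOT Open edX code: names, markup and input are assumed.

// Escape the characters that matter when text lands in an HTML body or a
// double-quoted attribute.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Split a post body into alternating prose / math segments on $$ delimiters.
// Returns an array of { math: boolean, text: string }.
function splitMath(body) {
  const segments = [];
  const re = /\$\$([\s\S]*?)\$\$/g;
  let last = 0;
  let m;
  while ((m = re.exec(body)) !== null) {
    if (m.index > last) segments.push({ math: false, text: body.slice(last, m.index) });
    segments.push({ math: true, text: m[1] });
    last = re.lastIndex;
  }
  if (last < body.length) segments.push({ math: false, text: body.slice(last) });
  return segments;
}

// VULNERABLE pattern: prose is escaped, but the math segment is trusted and
// concatenated into the markup unchanged. Whatever the author typed between
// $$ ... $$ becomes live DOM, tags and event handlers included.
function renderVulnerable(body) {
  return splitMath(body).map((seg) =>
    seg.math
      ? '<span class="math">$$' + seg.text + '$$</span>'
      : escapeHtml(seg.text)
  ).join("");
}

// HARDENED pattern: every segment is escaped before it touches the markup.
// A text-based math engine reads the element's text content, where &lt; is
// simply "<" again, so genuine LaTeX such as $$a < b$$ still typesets while
// "<img ...>" can never be parsed as a tag.
function renderHardened(body) {
  return splitMath(body).map((seg) =>
    seg.math
      ? '<span class="math">$$' + escapeHtml(seg.text) + '$$</span>'
      : escapeHtml(seg.text)
  ).join("");
}

// Crude detector for the example: does the rendered HTML contain any tag
// other than the renderer's own <span class="math"> wrapper?
function containsForeignTag(html) {
  return /<(?!\/?span\b)[a-z!/]/i.test(html);
}

// Constructed sample post for the demonstration (not a payload taken from
// the advisory). The second math block is the attacker's contribution.
const SAMPLE_POST =
  'Proof sketch: $$a < b$$ holds. ' +
  '$$<img src=x onerror="alert(document.cookie)">$$';

console.log("vulnerable:", renderVulnerable(SAMPLE_POST));
console.log("hardened:  ", renderHardened(SAMPLE_POST));
```

The point to carry away is that "math" is not a separate trust domain: a delimiter-bounded segment is still attacker-controlled text, and it must be entity-escaped (or rendered through a DOM API that sets text content, never innerHTML) before the math engine sees it.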
Recommendations
Upgrade to an Open edX release that contains the fix for CVE-2021-39248. If an affected release (up to and including Lilac.1) must stay in service for now, disable LaTeX rendering in discussions until the fix can be deployed, and restrict who can create discussion posts to limit who can plant a payload. Note that restricting access only reduces the set of potential attackers: any crafted post already stored in a thread remains live for every viewer until rendering is fixed or the post is removed, so review existing discussion content as part of the response.
Weakness Enumeration
XSS (cross-site scripting, CWE-79)
Affected Products
Open edX