Canvas LMS Vulnerabilities Research - absentee-neptune/Senior-Capstone GitHub Wiki
What it has access to:
- Computer files
- Personal (or School) Google drive/docs
- Computer Screen
Common Canvas LMS vulnerabilities found so far:
- Didn’t start implementing CVEs until 2017, yet there is evidence of private vulnerability testing being done as far back as 2011.
- A Cross-Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of JavaScript code.
- XSS is present in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users.
- XSS is a big trend