The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors view the submission. This issue has been patched in version 4.2.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Openeclass |
|
No data.
No data.
References
History
Wed, 04 Feb 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Openeclass
Openeclass openeclass |
|
| Vendors & Products |
Openeclass
Openeclass openeclass |
Tue, 03 Feb 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors view the submission. This issue has been patched in version 4.2. | |
| Title | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-02-03T16:58:28.914Z
Updated: 2026-02-03T16:58:28.914Z
Reserved: 2026-01-23T20:40:23.387Z
Link: CVE-2026-24665
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-03T18:16:19.543
Modified: 2026-02-03T18:16:19.543
Link: CVE-2026-24665
Redhat
No data.