The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors view the submission. This issue has been patched in version 4.2.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Tue, 03 Feb 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors view the submission. This issue has been patched in version 4.2. | |
| Title | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-02-03T16:58:28.914Z
Reserved: 2026-01-23T20:40:23.387Z
Link: CVE-2026-24665
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-03T18:16:19.543
Modified: 2026-02-03T18:16:19.543
Link: CVE-2026-24665
Redhat
No data.
OpenCVE Enrichment
No data.