CVE-2017-7389

Name of the Vulnerable Software and Affected Versions openeclass version Release 3.5.4

Description The issue is related to insufficient filtration of user-supplied data, specifically the meeting id and user variables, which are passed to the "openeclass-master/modules/tc/webconf/webconf.php" URL. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For openeclass version Release 3.5.4, consider restricting access to the "openeclass-master/modules/tc/webconf/webconf.php" URL until a patch is available, and ensure proper filtration of the meeting id and user variables to prevent arbitrary code execution.