CVE-2026-24671

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2

Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A Stored Cross-Site Scripting (XSS) issue exists in versions before 4.2, allowing authenticated high-privileged users, such as teachers or administrators, to inject malicious JavaScript into user-controllable input fields. This injected script is then executed when other users access the affected pages.

Recommendations Update to version 4.2 or later.