CVE-2026-24672

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2

Description The Open eClass platform, previously known as GUnet eClass, a course management system, contains a Stored Cross-Site Scripting (XSS) issue. Authenticated students can inject malicious JavaScript into user profile fields. This JavaScript is executed when users with viewing privileges access the affected application pages. Stored Cross-Site Scripting (XSS) occurs when malicious scripts are persistently stored on the target servers, such as in databases, message forums, visitor logs, or comment fields.

Recommendations Update to version 4.2 or later.