PT-2024-25170 · Gunet · Gunet Openeclass E-Learning Platform
Published: 2024-06-13 · Updated: 2024-08-07
CVE-2024-33253
CVSS v3.1: 6.0 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
GUnet OpenEclass E-learning Platform versions 3.15 and before
Description
The issue is a cross-site scripting (XSS) vulnerability that allows an authenticated privileged attacker to execute arbitrary code. This can be achieved via the title and description fields of the badge template editing function.
Recommendations
For versions 3.15 and before, consider disabling the badge template editing function until a patch is available to prevent exploitation. Restrict access to the title and description fields in the badge template editing function to minimize the risk of arbitrary code execution.
Affected Products
Gunet Openeclass E-Learning Platform