CVE-2026-24665

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2

Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A stored Cross-Site Scripting (XSS) issue exists in versions before 4.2, enabling authenticated students to inject malicious JavaScript into assignment files. When instructors view these submissions, the injected script is executed. The vulnerability involves the upload of assignment files where a student can insert malicious code. This code is then executed when an instructor views the submitted assignment.

Recommendations Update to version 4.2 or later.