PT-2026-6204 · Unknown · Open Eclass
Stolichnayer
·
Published
2026-02-03
·
Updated
2026-02-03
·
CVE-2026-24672
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Open eClass versions prior to 4.2
Description
The Open eClass platform, previously known as GUnet eClass, a course management system, contains a Stored Cross-Site Scripting (XSS) issue. Authenticated students can inject malicious JavaScript into user profile fields. This JavaScript is executed when users with viewing privileges access the affected application pages. Stored Cross-Site Scripting (XSS) occurs when malicious scripts are persistently stored on the target servers, such as in databases, message forums, visitor logs, or comment fields.
Recommendations
Update to version 4.2 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Eclass