Lucene search
+L

45 matches found

EUVD
EUVD
added 2026/02/03 4:58 p.m.10 views

EUVD-2026-5230

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...

8.7CVSS5.3AI score0.00182EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/03 4:58 p.m.4 views

CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...

4.3CVSS5.4AI score0.00201EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:58 p.m.10 views

EUVD-2026-5231

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...

4.3CVSS5.4AI score0.00201EPSS
Exploits1References1
CVE
CVE
added 2026/02/03 4:58 p.m.63 views

CVE-2026-24774

Open eClass (formerly GUnet eClass) before version 4.2 is affected by a business‑logic flaw that lets authenticated students mark themselves present in attendance for activities, including those that have expired, by directly accessing a crafted URL. The issue has been patched in version 4.2. Rem...

4.3CVSS5.4AI score0.00201EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/02/03 4:58 p.m.8 views

CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...

4.3CVSS5.4AI score0.00201EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/03 4:58 p.m.43 views

CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...

4.3CVSS0.00201EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:56 p.m.5 views

EUVD-2026-5237

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...

7.3CVSS5.3AI score0.00182EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:56 p.m.4 views

CVE-2026-24672

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...

7.3CVSS5.3AI score0.00182EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/03 4:56 p.m.7 views

CVE-2026-24672 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...

7.3CVSS5.3AI score0.00182EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/03 4:56 p.m.3 views

CVE-2026-24672 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...

7.3CVSS5.3AI score0.00182EPSS
Exploits1References1
CVE
CVE
added 2026/02/03 4:56 p.m.26 views

CVE-2026-24672

The CVE-2026-24672 entry concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, authenticated students could inject stored JavaScript into user profile fields, which executes when users with viewing privileges access affected pages. The vulnerability has been patched in ve...

7.3CVSS5.3AI score0.00182EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/02/03 4:56 p.m.5 views

EUVD-2026-5239

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/03 4:56 p.m.29 views

CVE-2026-24670 Open eClass Has Broken Access Control in Course Units Module Allows Students to Create Units

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS0.00207EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:56 p.m.5 views

CVE-2026-24670

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

Open eClass 访问控制错误漏洞

Open eClass is an e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a security vulnerability related to access control. This vulnerability resulted from improper access control mechanisms, which could allow authenticated students to...

6.5CVSS5.8AI score0.00207EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.8 views

Open eClass 安全漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained security vulnerabilities. These vulnerabilities were caused by business logic flaws, which could allow authenticated students to mark themselves as attendin...

4.3CVSS5.8AI score0.00201EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-6202

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A broken access control issue permits authenticated students to create new course units, a function...

6.5CVSS5.4AI score0.00207EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Open eClass 跨站脚本漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the storage of cross-site scripts in user profile fields, which could allow...

7.3CVSS5.6AI score0.00182EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-6197

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A stored Cross-Site Scripting XSS issue exists in versions before 4.2, enabling authenticated students to...

8.7CVSS5.6AI score0.00182EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.11 views

PT-2026-6204

Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, a course management system, contains a Stored Cross-Site Scripting XSS issue. Authenticated students can inject malicious JavaScript into...

7.3CVSS5.4AI score0.00182EPSS
Exploits1References5
Rows per page
Query Builder