45 matches found
EUVD-2026-5230
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...
CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
EUVD-2026-5231
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
CVE-2026-24774
Open eClass (formerly GUnet eClass) before version 4.2 is affected by a business‑logic flaw that lets authenticated students mark themselves present in attendance for activities, including those that have expired, by directly accessing a crafted URL. The issue has been patched in version 4.2. Rem...
CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
EUVD-2026-5237
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2026-24672
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2026-24672 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2026-24672 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2026-24672
The CVE-2026-24672 entry concerns the Open eClass platform (formerly GUnet eClass). Before version 4.2, authenticated students could inject stored JavaScript into user profile fields, which executes when users with viewing privileges access affected pages. The vulnerability has been patched in ve...
EUVD-2026-5239
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...
CVE-2026-24670 Open eClass Has Broken Access Control in Course Units Module Allows Students to Create Units
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...
CVE-2026-24670
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...
Open eClass 访问控制错误漏洞
Open eClass is an e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a security vulnerability related to access control. This vulnerability resulted from improper access control mechanisms, which could allow authenticated students to...
Open eClass 安全漏洞
Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained security vulnerabilities. These vulnerabilities were caused by business logic flaws, which could allow authenticated students to mark themselves as attendin...
PT-2026-6202
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A broken access control issue permits authenticated students to create new course units, a function...
Open eClass 跨站脚本漏洞
Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the storage of cross-site scripts in user profile fields, which could allow...
PT-2026-6197
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A stored Cross-Site Scripting XSS issue exists in versions before 4.2, enabling authenticated students to...
PT-2026-6204
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, a course management system, contains a Stored Cross-Site Scripting XSS issue. Authenticated students can inject malicious JavaScript into...