221 matches found
CVE-2026-24665
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...
EUVD-2026-5230
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...
CVE-2026-24665 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...
CVE-2026-24665 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...
CVE-2026-24774
Open eClass (formerly GUnet eClass) before version 4.2 is affected by a business‑logic flaw that lets authenticated students mark themselves present in attendance for activities, including those that have expired, by directly accessing a crafted URL. The issue has been patched in version 4.2. Rem...
CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
CVE-2026-24774
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
EUVD-2026-5231
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
EUVD-2026-5232
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
CVE-2026-24773
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
CVE-2026-24773
The Open eClass platform (formerly GUnet eClass) before version 4.2 is affected by an Insecure Direct Object Reference (IDOR) that allows unauthenticated remote attackers to access other users’ personal files by requesting predictable user identifiers. Root cause: insufficient authorization check...
CVE-2026-24773 Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
CVE-2026-24773 Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
CVE-2026-24773 Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...
EUVD-2026-5234
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...
CVE-2026-24674 Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...
CVE-2026-24674
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...
CVE-2026-24674 Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...