Lucene search
K

130 matches found

Vulnrichment
Vulnrichment
added 2026/03/05 8:6 p.m.5 views

CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS5.7AI score0.00223EPSS
Exploits0References3
CVE
CVE
added 2026/03/05 8:6 p.m.25 views

CVE-2026-28405

MarkUs (web-based submission and grading system) is affected by CVE-2026-28405 through the submissions/html_content route, where content from a student-submitted file is rendered without sanitization prior to version 2.9.1. The root cause is lack of input sanitization in how submitted files are r...

8CVSS5.8AI score0.00223EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/05 8:6 p.m.4 views

CVE-2026-28405 MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses//assignments//submissions/htmlcontent route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1...

8CVSS5.7AI score0.00223EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.6 views

MarkUs 跨站脚本漏洞

MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.1 had a cross-site scripting vulnerability, which stemmed from failing to properly clean up when reading and rendering the content of student...

8CVSS5.6AI score0.00223EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23504

Name of the Vulnerable Software and Affected Versions MarkUs versions prior to 2.9.1 Description MarkUs is a web application used for submitting and grading student assignments. Versions prior to 2.9.1 are susceptible to an issue where the application reads and renders the contents of...

8CVSS6AI score0.00223EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/10 7:23 p.m.5 views

CVE-2026-25057

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

9.1CVSS5.5AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/10 7:22 p.m.5 views

CVE-2026-24900

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS5.7AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 8:15 p.m.8 views

CVE-2026-24900

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS0.00251EPSS
Exploits0References3
NVD
NVD
added 2026/02/09 8:15 p.m.6 views

CVE-2026-25057

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

9.1CVSS0.00469EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/09 7:16 p.m.2 views

CVE-2026-25057 Zip Slip in MarkUs config upload allowing RCE

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

9.1CVSS5.6AI score0.00469EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 7:16 p.m.5 views

CVE-2026-25057

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

9.1CVSS5.5AI score0.00469EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/02/09 7:16 p.m.30 views

CVE-2026-25057 Zip Slip in MarkUs config upload allowing RCE

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

9.1CVSS0.00469EPSS
Exploits0References3
CVE
CVE
added 2026/02/09 7:16 p.m.29 views

CVE-2026-25057

CVE-2026-25057 affects MarkUs prior to version 2.9.1. Instructors can upload a zip file to create an assignment from an exported configuration, and the zip entry names are used to construct paths for writing files to disk without validating those paths. This can allow arbitrary path usage during ...

9.1CVSS5.6AI score0.00469EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/09 7:16 p.m.6 views

CVE-2026-25057 Zip Slip in MarkUs config upload allowing RCE

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration courses//assignments/uploadconfigfiles. The uploaded zip file entry names are used to create paths to...

9.1CVSS5.6AI score0.00469EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/09 6:39 p.m.3 views

CVE-2026-24900 MarkUs has a submission-view IDOR exposes all student submissions

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS5.7AI score0.00251EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/09 6:39 p.m.28 views

CVE-2026-24900 MarkUs has a submission-view IDOR exposes all student submissions

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS0.00251EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 6:39 p.m.4 views

CVE-2026-24900

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS5.7AI score0.00251EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/09 6:39 p.m.22 views

CVE-2026-24900

An active vulnerability in MarkUs prior to version 2.9.1: the submissions/html_content endpoint accepts a select_file_id parameter that is not properly scoped to the requesting user, allowing access to arbitrary submission file contents by id. Impact is confidentiality (HIGH) without integrity/av...

6.5CVSS5.7AI score0.00251EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/09 6:39 p.m.6 views

CVE-2026-24900 MarkUs has a submission-view IDOR exposes all student submissions

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.6 views

PT-2026-7132

Name of the Vulnerable Software and Affected Versions MarkUs versions prior to 2.9.1 Description MarkUs is a web application used for submitting and grading student assignments. Prior to version 2.9.1, instructors could upload a zip file to create an assignment from an exported configuration via...

9.1CVSS5.4AI score0.00469EPSS
Exploits0References10
Rows per page
Query Builder