EUVD-2026-35796

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...