top of page
perceptive_background_267k.jpg

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vuln…

Published:

2 February 2026 at 23:00:00

Alert date:

3 February 2026 at 19:04:17

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

The Open eClass platform (formerly GUnet eClass) course management system contains a stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.2. The vulnerability allows authenticated students to inject malicious JavaScript code into uploaded assignment files. When instructors view these submissions, the malicious code executes in their browsers. This stored XSS attack vector could potentially allow students to compromise instructor accounts or steal sensitive information. The vulnerability has been patched in version 4.2 of the Open eClass platform.

Technical details

Mitigation steps:

Affected products:

Open eClass
GUnet eClass

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-24665
https://github.com/gunet/openeclass/security/advisories/GHSA-2qgm-m7fm-m888

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page