CVE-2026-24672

HIGH

7.3

Descricao

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing privileges access affected application pages. This issue has been patched in version 4.2.

Detalhes CVE

Pontuacao CVSS v3.17.3

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioREQUIRED

Publicado2/3/2026

Ultima modificacao2/10/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

gunet:open_eclass_platform

Fraquezas (CWE)

CWE-79

Referencias

https://github.com/gunet/openeclass/security/advisories/GHSA-3p2x-qgxw-qvxh(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.