CVE-2026-24674 | THREATINT

Description

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and tricking victims into visiting them. This issue has been patched in version 4.2.

PUBLISHED Reserved 2026-01-23 | Published 2026-02-03 | Updated 2026-02-04 | Assigner GitHub_M

MEDIUM: 4.7CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 4.2

affected

References

github.com/...eclass/security/advisories/GHSA-gqvp-w22w-w99r

cve.org (CVE-2026-24674)

nvd.nist.gov (CVE-2026-24674)

Download JSON