CVE-2026-24672

Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields

Description

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing privileges access affected application pages. This issue has been patched in version 4.2.

INFO

Published Date :

2026-02-03T16:56:36.889Z

Last Modified :

2026-02-04T16:52:30.735Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-24672 vulnerability.

Vendors	Products
Gunet	Open Eclass Platform
Openeclass	Openeclass

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-24672.

URL	Resource
https://github.com/gunet/openeclass/security/advisories/GHSA-3p2x-qgxw-qvxh

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact