CVE-2026-24671
Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
03 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into multiple user-controllable input fields across the application, which is executed when other users access affected pages. This issue has been patched in version 4.2.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Affected products
gunet · openeclassWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →