Vulnerability Database

321,179

Total vulnerabilities in the database

CVE-2026-24674

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and tricking victims into visiting them. This issue has been patched in version 4.2.

Published: Feb 3, 2026
Updated: Feb 4, 2026
CVE: CVE-2026-24674
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.7
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://github.com/gunet/openeclass/security/advisories/GHSA-gqvp-w22w-w99r

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo