Unrated severityOSV Advisory· Published Feb 3, 2026· Updated Feb 4, 2026
Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints
CVE-2026-24674
Description
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and tricking victims into visiting them. This issue has been patched in version 4.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: Release_3.0, Release_3.2, Release_4.1.1, …
- Range: <4.2
Patches
Vulnerability mechanics
References
1- github.com/gunet/openeclass/security/advisories/GHSA-gqvp-w22w-w99rmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.