Open eClass
Products
1- 16 CVEs
Recent CVEs

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31777 | | Cri | 0.67 | 9.8 | 0.04 | | Jun 13, 2024 | File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint. |
| CVE-2024-26503 | | Cri | 0.59 | 9.1 | 0.01 | | Mar 14, 2024 | Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. |
| CVE-2026-24669 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized… |
| CVE-2026-24668 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged… |
| CVE-2026-24667 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued… |
| CVE-2026-24666 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform… |
| CVE-2026-24665 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is… |
| CVE-2026-24774 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have… |
| CVE-2026-24773 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting… |
| CVE-2026-24674 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting… |
| CVE-2026-24673 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting… |
| CVE-2026-24672 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when… |
| CVE-2026-24671 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into… |
| CVE-2026-24670 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This… |
| CVE-2026-24664 | | | 0.00 | — | 0.00 | | Feb 3, 2026 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior.… |
| CVE-2024-38530 | | Cri | 0.00 | 9.8 | 0.01 | | Aug 12, 2024 | The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may… |