CVE-2026-24665: The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2,
highvulnerability
security
Summary
Open eClass, a course management system (software that helps teachers organize classes and assignments), had a stored XSS vulnerability (a security flaw where attackers inject harmful code that runs when other users view it) in versions before 4.2. Authenticated students could inject malicious JavaScript (code that runs in web browsers) into assignment files, and this code would execute when instructors viewed the submissions.
Solution / Mitigation
This issue has been patched in version 4.2. Users should upgrade to version 4.2 or later.
Vulnerability Details
CVSS Score
8.7(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack SophisticationTrivial
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-24665
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 95%