CVE-2026-24671 - CERT CVE
ID CVE-2026-24671
Sažetak The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into multiple user-controllable input fields across the application, which is executed when other users access affected pages. This issue has been patched in version 4.2.
Reference
CVSS
Base: 6.1
Impact: 5.2
Exploitability:0.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Zadnje važnije ažuriranje 10-02-2026 - 18:21
Objavljeno 03-02-2026 - 18:16