Gunet

Open Eclass Platform

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2026-24669

Exploit
  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 17:00:38
  • Zuletzt bearbeitet 10.02.2026 18:31:05

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, ...

6.5

CVE-2026-24668

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 16:59:48
  • Zuletzt bearbeitet 10.02.2026 18:32:55

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally re...

5

CVE-2026-24667

  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 16:59:32
  • Zuletzt bearbeitet 10.02.2026 18:35:19

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially ena...

6.5

CVE-2026-24666

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 16:58:57
  • Zuletzt bearbeitet 10.02.2026 18:47:52

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticate...

5.4

CVE-2026-24665

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 16:58:28
  • Zuletzt bearbeitet 10.02.2026 18:48:23

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assig...

4.3

CVE-2026-24774

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 16:58:09
  • Zuletzt bearbeitet 10.02.2026 17:24:23

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, in...

7.5

CVE-2026-24773

Exploit
  • EPSS 0.06%
  • Veröffentlicht 03.02.2026 16:57:57
  • Zuletzt bearbeitet 10.02.2026 17:25:21

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other...

6.1

CVE-2026-24674

Exploit
  • EPSS 0.04%
  • Veröffentlicht 03.02.2026 16:57:07
  • Zuletzt bearbeitet 10.02.2026 17:26:57

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of aut...

5.3

CVE-2026-24673

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 16:56:59
  • Zuletzt bearbeitet 10.02.2026 17:32:26

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside...

5.4

CVE-2026-24672

Exploit
  • EPSS 0.03%
  • Veröffentlicht 03.02.2026 16:56:36
  • Zuletzt bearbeitet 10.02.2026 18:20:55

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile f...