CVE-2026-24665
📋 TL;DR
Authenticated students can inject malicious JavaScript into uploaded assignment files in Open eClass platform. When instructors view these submissions, the JavaScript executes in their browser session. This affects all Open eClass installations prior to version 4.2.
💻 Affected Systems
- Open eClass (formerly GUnet eClass)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Instructor accounts could be compromised, leading to unauthorized access to sensitive student data, grade manipulation, or complete system takeover if instructors have administrative privileges.
Likely Case
Attackers could steal instructor session cookies, perform actions as the instructor, or deface assignment pages.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before execution.
🎯 Exploit Status
Exploitation requires student-level access but is technically simple: the student only needs to upload an assignment file that contains a JavaScript payload.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2
Vendor Advisory: https://github.com/gunet/openeclass/security/advisories/GHSA-2qgm-m7fm-m888
Restart Required: Yes
Instructions:
1. Back up your current installation and database.
2. Download Open eClass version 4.2 or later.
3. Follow the official upgrade documentation at https://docs.openeclass.org/.
4. Restart your web server.
🔧 Temporary Workarounds
Disable file uploads for assignments
Temporarily disable the file upload functionality for student assignments to prevent exploitation.
Implement WAF rules
Configure the web application firewall to block JavaScript in uploaded files or suspicious file upload patterns.
🧯 If You Can't Patch
- Implement strict Content Security Policy (CSP) headers to prevent script execution from untrusted sources
- Review and sanitize all uploaded files server-side before allowing instructors to view them
🔍 How to Verify
Check if Vulnerable:
Check if your Open eClass version is below 4.2 by logging into the admin panel and viewing the version information.
Check Version:
Check the version.php file in your Open eClass installation directory or view the footer in the admin interface.
Verify Fix Applied:
After upgrading to 4.2 or later, test by uploading a file with JavaScript content and verifying it doesn't execute when viewed.
📡 Detection & Monitoring
Log Indicators:
- Unusual file upload patterns from student accounts
- Assignment files with JavaScript content
- Multiple failed upload attempts with suspicious filenames
Network Indicators:
- HTTP requests uploading files with JavaScript content to assignment endpoints
- Unusual traffic patterns to assignment viewing pages
SIEM Query:
source="web_server" AND (url="*/modules/work/index.php" OR url="*/modules/work/submit.php") AND (file_extension="html" OR file_extension="htm" OR content_contains="<script>")
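Added example (not part of this advisory or of the Open eClass code base): a Python scanner that applies the "assignment files with JavaScript content" log indicator to uploaded files, plus a helper that builds the response headers needed to serve submissions as downloads, for the server-side review recommended under "If You Can't Patch". The sample filenames, file contents and header set are constructed assumptions, and the patterns are heuristics that flag files for review rather than prove an attack.

```python
import re

# Heuristics for content that runs when a browser renders a file. Constructed
# for this example; a hit means "review this submission", not proof of attack.
ACTIVE_CONTENT = [
    re.compile(rb"<\s*script\b", re.I),                # <script ...>
    re.compile(rb"""[\s"']on[a-z]+\s*=""", re.I),      # onload=, onerror=, ...
    re.compile(rb"javascript\s*:", re.I),              # javascript: URLs
    re.compile(rb"<\s*(iframe|object|embed)\b", re.I), # nested active content
]
# Extensions a browser renders inline instead of treating as a download.
RENDERABLE = {"html", "htm", "xhtml", "svg", "xml"}

def _ext(filename):
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

def scan_submission(filename, data):
    """Return a list of findings for one uploaded file; empty means nothing seen."""
    findings = []
    if _ext(filename) in RENDERABLE:
        findings.append(f"browser-renderable extension .{_ext(filename)}")
    head = data[:65536]  # markup of interest sits near the top; keeps scans cheap
    for pattern in ACTIVE_CONTENT:
        m = pattern.search(head)
        if m:
            findings.append("active content: " + m.group(0).decode("latin-1").strip())
    return findings

def download_headers(filename):
    """Headers for serving a submission so the instructor's browser never renders it."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename) or "submission"
    return {
        "Content-Type": "application/octet-stream",   # no type guessing from contents
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "Content-Security-Policy": "sandbox",         # fallback if it is rendered anyway
    }

# Constructed sample submissions (not real Open eClass data).
SAMPLES = {
    "report.html": b"<html><body><script>document.title='x'</script></body></html>",
    "diagram.svg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="0"></svg>',
    "essay.txt": b"The quick brown fox. No markup here.",
}

def scan_all(samples=SAMPLES):
    return {name: scan_submission(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, findings in scan_all().items():
        print(name, "->", findings or "clean")
```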