CVE-2026-24672
📋 TL;DR
Authenticated students in Open eClass platform can inject malicious JavaScript into user profile fields, which executes when other users view those profiles. This stored XSS vulnerability affects all Open eClass installations prior to version 4.2. The vulnerability requires student-level authentication but can impact any user with profile viewing privileges.
💻 Affected Systems
- Open eClass (formerly GUnet eClass)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform account takeovers, redirect users to malicious sites, or deploy ransomware-like payloads across the entire user base.
Likely Case
Session hijacking, credential theft, defacement of user profiles, and limited data exfiltration from affected users.
If Mitigated
Limited impact with proper input validation and output encoding, potentially only affecting users who directly interact with malicious profiles.
🎯 Exploit Status
Requires student-level authentication. Exploitation is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2
Vendor Advisory: https://github.com/gunet/openeclass/security/advisories/GHSA-3p2x-qgxw-qvxh
Restart Required: Yes
Instructions:
1. Back up your current installation and database.
2. Download Open eClass version 4.2 from the official repository.
3. Follow the upgrade instructions in the documentation.
4. Restart your web server.
5. Verify that the upgrade completed successfully.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize user profile fields
Modify the user profile handling code to strip or escape HTML/JavaScript tags on input and to HTML-encode the fields on output
Content Security Policy
Implement strict CSP headers to prevent script execution
Add the header `Content-Security-Policy: script-src 'self'` to HTTP responses; note that without 'unsafe-inline' this also blocks the application's own inline scripts, so test the policy in report-only mode first
🧯 If You Can't Patch
- Disable student profile editing functionality
- Implement web application firewall rules to block XSS payloads in profile data
🔍 How to Verify
Check if Vulnerable:
Check if your Open eClass version is below 4.2. Attempt to inject basic XSS payloads into user profile fields as a student account.
Check Version:
Check the version.php file or admin dashboard for version information
Verify Fix Applied:
After upgrading to 4.2, attempt to inject XSS payloads into profile fields and verify they are properly sanitized and do not execute.
📡 Detection & Monitoring
Log Indicators:
- Unusual profile field updates containing script tags or JavaScript code
- Multiple failed XSS attempts in user input logs
Network Indicators:
- Unexpected external requests from user profile pages
- Suspicious JavaScript payloads in HTTP POST requests to profile endpoints
SIEM Query:
source="web_logs" AND ("<script" OR "javascript:" OR "onload=" OR "onerror=") AND uri="/user/profile/update"
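The SIEM query above matches the raw request text, so a payload that is URL-encoded or mixed-case slips past it. The following added example (not part of the advisory or of Open eClass) applies the same four markers to constructed profile-update log lines after URL-decoding and case-folding the submitted value; the log format and the `/user/profile/update` path are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Markers from the page's SIEM query, matched case-insensitively.
XSS_MARKERS = re.compile(r"<script|javascript:|onload=|onerror=", re.IGNORECASE)

# Profile-update endpoint as used in the page's SIEM query (assumed path).
PROFILE_UPDATE_URI = "/user/profile/update"

# Constructed application log lines (not real Open eClass output):
# <timestamp> <user> <method> <uri> field=<name> value=<url-encoded value>
SAMPLE_LOG = """\
2026-01-10T09:12:01Z student42 POST /user/profile/update field=bio value=Loves+maths
2026-01-10T09:13:44Z student42 POST /user/profile/update field=bio value=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
2026-01-10T09:14:02Z student17 POST /user/profile/update field=website value=JavaScript%3Aalert%281%29
2026-01-10T09:15:30Z teacher03 GET /user/profile/view field=- value=-
2026-01-10T09:16:11Z student09 POST /user/profile/update field=bio value=%3Cimg+src%3Dx+onerror%3Dalert%281%29%3E
2026-01-10T09:17:05Z student42 POST /user/profile/update field=signature value=%3Cbody+onload%3Dalert%281%29%3E
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>\S+) (?P<uri>\S+) "
    r"field=(?P<field>\S+) value=(?P<value>\S*)$"
)


def parse_line(line):
    """Split one log line into fields; the value is URL-decoded before inspection."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["value"] = unquote_plus(rec["value"])
    return rec


def find_suspicious_updates(log_text):
    """Return (user, field, decoded_value) for profile updates carrying an XSS marker."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["uri"] != PROFILE_UPDATE_URI:
            continue
        if XSS_MARKERS.search(rec["value"]):
            hits.append((rec["user"], rec["field"], rec["value"]))
    return hits


def users_with_repeated_attempts(hits, threshold=2):
    """Users whose number of flagged updates reaches the threshold (the page's 'multiple attempts' indicator)."""
    counts = Counter(user for user, _, _ in hits)
    return sorted(user for user, n in counts.items() if n >= threshold)
```

Of the four flagged lines, only the raw-text query would have caught none of them, since every payload is URL-encoded in transit.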