openeclass — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in openeclass, with AI-generated Chinese analysis, references, and POCs.

Vendor: gunet

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24669 | Open eClass Insecure Password Reset Token Reuse Enables Account Takeover | CWE-613 | 7.8 | High | 2026-02-03 |
| CVE-2026-24668 | Open eClass Broken Access Control Allows Students to Add Content to Course Units | CWE-284 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24667 | Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access | CWE-613 | 5.0 | Medium | 2026-02-03 |
| CVE-2026-24666 | Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions | CWE-352 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24665 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload | CWE-79 | 8.7 | High | 2026-02-03 |
| CVE-2026-24774 | Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities | CWE-841 | 4.3 | Medium | 2026-02-03 |
| CVE-2026-24773 | Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files | CWE-639 | 7.5 | High | 2026-02-03 |
| CVE-2026-24674 | Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints | CWE-79 | 4.7 | Medium | 2026-02-03 |
| CVE-2026-24673 | Open eClass Has File Upload Filter Bypass via ZIP Archive Extraction | CWE-434 | 4.3 | Medium | 2026-02-03 |
| CVE-2026-24672 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields | CWE-79 | 7.3 | High | 2026-02-03 |
| CVE-2026-24671 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields | CWE-79 | 6.1 | Medium | 2026-02-03 |
| CVE-2026-24670 | Open eClass Has Broken Access Control in Course Units Module Allows Students to Create Units | CWE-284 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24664 | Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies | CWE-204 | 5.3 | Medium | 2026-02-03 |
| CVE-2026-22241 | Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE) | CWE-434 | 7.2 | - | 2026-01-08 |
| CVE-2024-38530 | Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php" | CWE-434 | 9.8 | Critical | 2024-08-12 |