
openeclass — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in openeclass, with AI-generated Chinese analysis, references, and POCs.

This page aggregates known security weaknesses associated with OpenEClass, an open-source web-based educational content management system developed by the University of Athens. The collection focuses on various vulnerability classifications within this specific software ecosystem, covering advisory data and historical records from the early 2000s through the mid-2010s. By consolidating these records, the page serves as a centralized resource for security researchers, system administrators, and developers who need to assess the risk landscape of OpenEClass deployments. Users can track official advisories issued by the vendor and community members to understand the evolution of security practices for this platform. It also allows for a deeper examination of specific weakness classes, such as SQL injection, cross-site scripting, and authentication bypasses, providing context on how these flaws impacted the application over time. Additionally, individuals can look up the detailed vulnerability history of the product to identify persistent issues or recurring patterns in the codebase. This aggregation facilitates better incident response planning and helps organizations determine if their installations are exposed to previously disclosed flaws. The information presented is strictly factual, derived from publicly available security databases and vendor notices, ensuring that stakeholders have accurate data for making informed decisions about patching and mitigation strategies without speculative commentary or promotional content.

Vendor: gunet

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24669 | Open eClass Insecure Password Reset Token Reuse Enables Account Takeover | CWE-613 | 7.8 | High | 2026-02-03 |
| CVE-2026-24668 | Open eClass Broken Access Control Allows Students to Add Content to Course Units | CWE-284 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24667 | Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access | CWE-613 | 5.0 | Medium | 2026-02-03 |
| CVE-2026-24666 | Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions | CWE-352 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24665 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload | CWE-79 | 8.7 | High | 2026-02-03 |
| CVE-2026-24774 | Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities | CWE-841 | 4.3 | Medium | 2026-02-03 |
| CVE-2026-24773 | Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files | CWE-639 | 7.5 | High | 2026-02-03 |
| CVE-2026-24674 | Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints | CWE-79 | 4.7 | Medium | 2026-02-03 |
| CVE-2026-24673 | Open eClass Has File Upload Filter Bypass via ZIP Archive Extraction | CWE-434 | 4.3 | Medium | 2026-02-03 |
| CVE-2026-24672 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields | CWE-79 | 7.3 | High | 2026-02-03 |
| CVE-2026-24671 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields | CWE-79 | 6.1 | Medium | 2026-02-03 |
| CVE-2026-24670 | Open eClass Has Broken Access Control in Course Units Module Allows Students to Create Units | CWE-284 | 6.5 | Medium | 2026-02-03 |
| CVE-2026-24664 | Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies | CWE-204 | 5.3 | Medium | 2026-02-03 |
| CVE-2026-22241 | Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE) | CWE-434 | 7.2 | - | 2026-01-08 |
| CVE-2024-38530 | Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php" | CWE-434 | 9.8 | Critical | 2024-08-12 |
