Browse all 8 CVE security advisories affecting MarkUsProject. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MarkUsProject is an open-source assignment management system primarily used in educational settings. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) attacks, and privilege escalation flaws. The project has recorded eight CVEs, with several allowing unauthorized access or system compromise. Notable security characteristics include its academic focus and the potential for widespread impact in educational institutions. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in web application components suggests an ongoing need for security hardening and regular updates.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-25962 | MarkUs: Zip bomb in config upload enables DoS — Markus | CWE-409 | 6.5 | Medium | 2026-03-06 |
| CVE-2026-27807 | MarkUs: YAML alias (‘billion laughs’) DoS in config upload — Markus | CWE-776 | 4.9 | Medium | 2026-03-06 |
| CVE-2026-28405 | MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions — Markus | CWE-79 | 8.0 | High | 2026-03-05 |
| CVE-2026-25057 | Zip Slip in MarkUs config upload allowing RCE — Markus | CWE-23 | 9.1 | Critical | 2026-02-09 |
| CVE-2026-24900 | MarkUs has a submission-view IDOR exposes all student submissions — Markus | CWE-639 | 6.5 | Medium | 2026-02-09 |
| CVE-2024-51743 | Arbitrary File Write leading up to remote code execution (instructor accounts) — Markus | CWE-434 | 8.8 (AI) | High (AI) | 2024-11-18 |
| CVE-2024-51499 | MarkUs Arbitrary File Write leading up to remote code execution (student accounts) — Markus | CWE-434 | 8.8 (AI) | High (AI) | 2024-11-18 |
| CVE-2024-47820 | MarkUs vulnerable to Path Traversal — Markus | CWE-22 | 5.7 | Medium | 2024-11-18 |
This page lists every published CVE security advisory associated with MarkUsProject. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.