Vulnerabilities (CVE)

Filtered by vendor Openeclass Subscribe
Filtered by product Openeclass
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-33253 1 Openeclass 1 Openeclass 2024-11-21 N/A 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.
CVE-2022-33116 1 Openeclass 1 Openeclass 2024-11-21 3.5 LOW 6.5 MEDIUM
An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.
CVE-2017-7389 1 Openeclass 1 Openeclass 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2024-38530 1 Openeclass 1 Openeclass 2024-08-13 N/A 9.8 CRITICAL
The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16.