Cyber Posture

CVE-2026-24665

Severity: High · Public PoC

Published: 03 February 2026
Modified: 10 February 2026
KEV Added: not listed
Patch: available (version 4.2)
CVSS Score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
EPSS Score: 0.0004 (13.3th percentile)
Risk Priority: 17 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-24665 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Gunet Open Eclass Platform. Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Filters and encodes output of uploaded assignment files to prevent execution of stored malicious JavaScript when viewed by instructors.

prevent: Validates content of uploaded assignment files to reject or sanitize malicious JavaScript payloads from authenticated students.

prevent: Remediates the specific stored XSS flaw by applying the patch in Open eClass version 4.2.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1185 Browser Session Hijacking (Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user behaviors, and intercept information as part of various browser session hijacking techniques.

T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

Stored XSS in public-facing web app (T1190) directly enables browser session hijacking (T1185) and theft of web session cookies (T1539) when instructors view malicious uploads.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors view the submission. This issue has been patched in version 4.2.

Deeper analysis

CVE-2026-24665 is a stored Cross-Site Scripting (XSS) vulnerability, classified under CWE-79, affecting the Open eClass platform (formerly GUnet eClass), a complete course management system. In versions prior to 4.2, the flaw exists in the handling of uploaded assignment files, where malicious JavaScript can be injected and stored. The vulnerability carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N): it is reachable over the network with low attack complexity, requires only low-privileged (student) access plus user interaction by the victim (an instructor viewing the submission), and has high confidentiality and integrity impact with a changed scope, since the script runs in the instructor's browser rather than in the uploading student's own context.

Authenticated students can exploit this vulnerability by uploading assignment files containing injected JavaScript payloads. When instructors view the submission, the malicious script executes in the instructor's browser context, potentially allowing attackers to steal sensitive data such as session cookies, credentials, or other instructor-specific information, or to manipulate the page for further phishing or unauthorized actions.

The issue has been addressed in Open eClass version 4.2, as detailed in the GitHub security advisory at https://github.com/gunet/openeclass/security/advisories/GHSA-2qgm-m7fm-m888, which recommends upgrading to the patched release for mitigation.
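The two controls recommended above (input validation, SI-10, and output filtering, SI-15) and the exploitation path described in the deeper analysis can be illustrated with a small defensive handler for student uploads. The following is an added example written for this page; it is hypothetical code, not Open eClass's own, and the allow-list of extensions, the size limit and the markup heuristic are assumptions chosen for the demonstration. It shows validation at upload time, HTML-encoding of every student-controlled value before it reaches the instructor's page, and response headers that stop a stored file from being rendered as HTML in the application's origin.

```python
"""Defensive handling of uploaded assignment files: validate on the way in
(SI-10) and filter / encode on the way out (SI-15).
Hypothetical example code, not taken from Open eClass."""
import html
import os
import re
from dataclasses import dataclass

# Assumed policy values for this example; a real deployment sets its own.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".docx", ".zip"}
TEXT_LIKE = {".txt"}
MAX_BYTES = 10 * 1024 * 1024

# Heuristic for active HTML inside content that is supposed to be plain text.
# Defence in depth only: the output encoding below is the primary control.
ACTIVE_MARKUP = re.compile(
    r"<\s*/?\s*(script|iframe|object|embed|svg|img|body|html)\b"
    r"|\bon[a-z]+\s*="        # inline event handlers such as onerror=
    r"|javascript\s*:",
    re.IGNORECASE,
)


@dataclass
class UploadDecision:
    accepted: bool
    reason: str


def validate_upload(filename: str, content: bytes) -> UploadDecision:
    """SI-10 style input validation for a student upload."""
    if not filename or "\x00" in filename or "/" in filename or "\\" in filename:
        return UploadDecision(False, "unsafe filename")
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return UploadDecision(False, "file type not allowed")
    if len(content) > MAX_BYTES:
        return UploadDecision(False, "file too large")
    if ext in TEXT_LIKE:
        text = content.decode("utf-8", errors="replace")
        if ACTIVE_MARKUP.search(text):
            return UploadDecision(False, "active HTML markup in text upload")
    return UploadDecision(True, "ok")


def sanitize_filename(name: str) -> str:
    """Reduce a user-supplied name to a conservative character set."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    cleaned = re.sub(r"[^A-Za-z0-9._-]", "_", base).strip("._")
    return cleaned or "upload"


def render_submission_row(student: str, filename: str, comment: str) -> str:
    """SI-15 style output encoding: every student-controlled value is
    HTML-escaped before it is placed in the instructor's page."""
    cells = (html.escape(student), html.escape(filename), html.escape(comment))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def download_headers(filename: str) -> dict:
    """Headers for serving a stored upload so the browser never renders it
    as a page in the application's origin: forced download, no MIME
    sniffing, and a CSP that blocks scripts if it is opened inline anyway."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{sanitize_filename(filename)}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    # Constructed sample uploads for the demonstration, not real submissions.
    samples = [
        ("essay.txt", b"My essay on graph theory."),
        ("essay.txt", b"<script>alert(1)</script>"),
        ("essay.html", b"<p>hello</p>"),
        ("../essay.txt", b"x"),
    ]
    for name, data in samples:
        print(name, validate_upload(name, data))
    print(render_submission_row("s123", "<script>x</script>.txt", 'see "notes"'))
    print(download_headers("my essay<1>.txt"))
```

The upload-time check is deliberately the weaker of the two controls: a rejected `.txt` file is a convenience, while the escaping in `render_submission_row` and the `attachment`/`nosniff` headers are what keep a stored payload from ever executing in the instructor's session, which is the path this CVE's ATT&CK mapping (T1185, T1539) depends on.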

Details

CWE(s)

CWE-79 (Cross-site Scripting)

Affected Products

gunet · open eclass platform · ≤ 4.2

CVEs Like This One

CVE-2026-24672: Same product (Gunet Open Eclass Platform)
CVE-2020-37113: Same product (Gunet Open Eclass Platform)
CVE-2026-24773: Same product (Gunet Open Eclass Platform)
CVE-2020-37112: Same product (Gunet Open Eclass Platform)
CVE-2020-37116: Same product (Gunet Open Eclass Platform)
CVE-2026-24669: Same product (Gunet Open Eclass Platform)
CVE-2025-0817: Shared CWE-79
CVE-2026-32728: Shared CWE-79
CVE-2026-2072: Shared CWE-79
CVE-2024-55227: Shared CWE-79
