CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-33253
https://notcve.org/view.php?id=CVE-2024-33253
13 Jun 2024 — Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function. Vulnerabilidad de Cross-site scripting (XSS) en GUnet OpenEclass E-learning Platform versión 3.15 y anteriores permite a un atacante privilegiado autenticado ejecutar código arbitrario a través de los campos de título y descripción de la función de edición de p... • https://github.com/FreySolarEye/CVE/blob/master/GUnet%20OpenEclass%20E-learning%20platform%203.15%20-%20%27certbadge.php%27%20Stored%20Cross%20Site%20Scripting • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33116
https://notcve.org/view.php?id=CVE-2022-33116
27 Jun 2022 — An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. Un problema en la variable jmpath en el archivo /modules/mindmap/index.php de GUnet Open eClass Platform (también se conoce como openeclass) versiones v3.12.4 y anteriores, permite a atacantes leer archivos arbitrarios por medio de un salto de directorio • https://emaragkos.gr/gunet-open-eclass-authenticated-path-traversal • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7389
https://notcve.org/view.php?id=CVE-2017-7389
01 Apr 2017 — Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. Se han descubierto múltiples XSS en 'openeclass Release_3.5.4'. Las vulnerabilidades existen debido a la filtración insuficiente de los datos proporc... • http://www.securityfocus.com/bid/97310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •