CNNVD-202602-328 Information

CNNVD ID

CNNVD-202602-328

Related CVE

CVE-2026-24666

• CNNVD Published: 2026-02-03

Description (Chinese)

Open eClass是Greek Universities Network开源的一个电子课堂系统。 Open eClass 4.2之前版本存在跨站请求伪造漏洞，该漏洞源于多个教师受限端点存在跨站请求伪造，可能导致攻击者通过特制请求诱使已认证教师执行非预期操作。

Description (English)

Open eClass is an electronic classroom system that is an open source for Greek United Nations Network. A previous version of Open eClass 4.2 had a forgery gap in cross-site requests, which stemmed from the existence of cross-site requests at several teacher-restricted endpoints, which could lead the attackers to induce certified teachers to perform unexpected operations through ad hoc requests.

Hazard Level

High

Vulnerability Type

跨站请求伪造

Affected Vendor

Greek Universities Network

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/gunet/openeclass/security/advisories/GHSA-cgmh-73qg-28fm https://access.redhat.com/security/cve/cve-2026-24666

Patch

https://github.com/gunet/openeclass/tags