openeclass CVE Vulnerabilities & Metrics

Focus on openeclass vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About openeclass Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with openeclass. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total openeclass CVEs: 4
Earliest CVE date: 01 Apr 2017, 02:59 UTC
Latest CVE date: 12 Aug 2024, 15:15 UTC

Latest CVE reference: CVE-2024-38530

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical openeclass CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 1.95

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS openeclass CVEs

These are the five CVEs with the highest CVSS scores for openeclass, sorted by severity first and recency.

CVE-2017-7389 openeclass Published on 01 Apr 2017, 02:59 UTC (CVSS: 4.3)
Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVE-2022-33116 openeclass Published on 27 Jun 2022, 21:15 UTC (CVSS: 3.5)
An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.
CVE-2024-38530 openeclass Published on 12 Aug 2024, 15:15 UTC (CVSS: 0)
The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerabi...
CVE-2024-33253 openeclass Published on 13 Jun 2024, 23:15 UTC (CVSS: 0)
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.

All CVEs for openeclass

CVE-2024-38530 openeclass vulnerability CVSS: 0 12 Aug 2024, 15:15 UTC

The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RCE on the backend server, since the upload location is accessible from the internet. This vulnerability is fixed in 3.16.

CVE-2024-33253 openeclass vulnerability CVSS: 0 13 Jun 2024, 23:15 UTC

Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.

CVE-2022-33116 openeclass vulnerability CVSS: 3.5 27 Jun 2022, 21:15 UTC

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.

CVE-2017-7389 openeclass vulnerability CVSS: 4.3 01 Apr 2017, 02:59 UTC

Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.