Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
gunet Open eClass v3.11 allows attackers to execute code via uploaded SVG file
CVE-2025-65734
Summary
A security issue in the Courses/Work Assignments module of gunet Open eClass v3.11 allows attackers to run malicious code on a website after uploading a specially crafted image file. This could potentially lead to unauthorized actions being performed on the website. Update to version 3.13 or later to fix this issue.
Original title
An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading ...
Original description
An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026