Skip to main content

Markus

8 CVEs product

Monthly

CVE-2026-27807 MEDIUM This Month

Markus versions up to 2.9.4 is affected by improper restriction of recursive entity references in dtds (CVSS 4.9).

XXE Denial Of Service Markus
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-25962 MEDIUM This Month

Unrestricted zip file extraction in MarkUs prior to version 2.9.4 allows authenticated users to trigger denial of service through resource exhaustion by uploading specially crafted archives with excessive file counts or sizes. Instructors and students can exploit this during assignment configuration uploads or submission handling to consume server resources and impact system availability. No patch is currently available for affected installations.

Information Disclosure Markus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28405 HIGH PATCH This Week

MarkUs prior to version 2.9.1 fails to sanitize user-submitted file contents in the HTML rendering endpoint, allowing authenticated users with UI interaction to inject malicious scripts that execute in other users' browsers. An attacker can exploit this reflected cross-site scripting vulnerability to steal session tokens, modify grades, or perform actions on behalf of affected students and instructors. The vulnerability has been patched in version 2.9.1.

XSS Markus
NVD GitHub
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-25057 CRITICAL PATCH Act Now

MarkUs grading platform prior to 2.9.1 has a path traversal enabling students to access other students' submissions or grading data.

Path Traversal Markus
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-24900 MEDIUM PATCH This Month

Markus versions up to 2.9.1 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Markus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-51743 HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
CVSS 4.0
7.1
EPSS
0.7%
CVE-2024-51499 HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
CVSS 4.0
7.1
EPSS
0.7%
CVE-2024-47820 LOW PATCH Monitor

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Path Traversal Markus
NVD GitHub
CVSS 3.1
3.5
EPSS
0.7%
EPSS 0% CVSS 4.9
MEDIUM This Month

Markus versions up to 2.9.4 is affected by improper restriction of recursive entity references in dtds (CVSS 4.9).

XXE Denial Of Service Markus
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Unrestricted zip file extraction in MarkUs prior to version 2.9.4 allows authenticated users to trigger denial of service through resource exhaustion by uploading specially crafted archives with excessive file counts or sizes. Instructors and students can exploit this during assignment configuration uploads or submission handling to consume server resources and impact system availability. No patch is currently available for affected installations.

Information Disclosure Markus
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

MarkUs prior to version 2.9.1 fails to sanitize user-submitted file contents in the HTML rendering endpoint, allowing authenticated users with UI interaction to inject malicious scripts that execute in other users' browsers. An attacker can exploit this reflected cross-site scripting vulnerability to steal session tokens, modify grades, or perform actions on behalf of affected students and instructors. The vulnerability has been patched in version 2.9.1.

XSS Markus
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

MarkUs grading platform prior to 2.9.1 has a path traversal enabling students to access other students' submissions or grading data.

Path Traversal Markus
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Markus versions up to 2.9.1 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Markus
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
EPSS 1% CVSS 3.5
LOW PATCH Monitor

MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity.

Path Traversal Markus
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy