CVE-2026-28405 | MarkUsProject Markus up to 2.9.0 html_content cross site scripting (GHSA-p5pc-pxrj-3893)

A vulnerability was found in MarkUsProject Markus up to 2.9.0. It has been declared as problematic. The affected element is an unknown function of the file courses//assignments//submissions/html_content. The manipulation results in cross site scripting.

This vulnerability was named CVE-2026-28405. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More