CVE-2026-28405 - MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions

CVE ID : CVE-2026-28405 Published : March 5, 2026, 9:16 p.m. | 27 minutes ago Description : MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.1, the courses/<:course_id/assignments/<:assignment_id/submissions/html_content route reads the contents of a student-submitted file and renders them without sanitization. This issue has been patched in version 2.9.1. Severity: 8.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...