Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gibbonedu Subscribe
Filtered by product Gibbon
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27305 1 Gibbonedu 1 Gibbon 2022-06-08 6.8 MEDIUM 8.8 HIGH
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
CVE-2022-23871 1 Gibbonedu 1 Gibbon 2022-02-07 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters.
CVE-2022-22868 1 Gibbonedu 1 Gibbon 2022-02-02 3.5 LOW 4.8 MEDIUM
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters.
CVE-2021-40214 1 Gibbonedu 1 Gibbon 2021-09-22 3.5 LOW 5.4 MEDIUM
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
CVE-2021-40492 1 Gibbonedu 1 Gibbon 2021-09-07 4.3 MEDIUM 6.1 MEDIUM
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).