Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27305 | 1 Gibbonedu | 1 Gibbon | 2022-06-08 | 6.8 MEDIUM | 8.8 HIGH |
| Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. | |||||
| CVE-2022-23871 | 1 Gibbonedu | 1 Gibbon | 2022-02-07 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters. | |||||
| CVE-2022-22868 | 1 Gibbonedu | 1 Gibbon | 2022-02-02 | 3.5 LOW | 4.8 MEDIUM |
| Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. | |||||
| CVE-2021-40214 | 1 Gibbonedu | 1 Gibbon | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. | |||||
| CVE-2021-40492 | 1 Gibbonedu | 1 Gibbon | 2021-09-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). | |||||