Gibbonedu: >> Gibbon Security Vulnerabilities
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-05-25
Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-02-03
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters.
CVSS Score
4.8
EPSS Score
0.003
Published
2022-01-28
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-13
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).
CVSS Score
6.1
EPSS Score
0.153
Published
2021-09-03
Page 2