Vulnerabilities > Gibbonedu > Gibbon > 25.0.00
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-45878 | Unspecified vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. | 9.8 |
2023-11-14 | CVE-2023-45879 | Cross-site Scripting vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. | 5.4 |
2023-11-14 | CVE-2023-45880 | Path Traversal vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. | 7.2 |
2023-11-14 | CVE-2023-45881 | Cross-site Scripting vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. | 6.1 |
2023-06-29 | CVE-2023-34598 | Path Traversal vulnerability in Gibbonedu Gibbon 25.0.00 Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. | 9.8 |
2023-06-29 | CVE-2023-34599 | Cross-site Scripting vulnerability in Gibbonedu Gibbon 25.0.00 Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. | 6.1 |