Vulnerabilities > Gibbonedu > Gibbon > 9.1.00
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-45878 | Unspecified vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. | 9.8 |
| 2023-11-14 | CVE-2023-45879 | Cross-site Scripting vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. | 5.4 |
| 2023-11-14 | CVE-2023-45880 | Path Traversal vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. | 7.2 |
| 2023-11-14 | CVE-2023-45881 | Cross-site Scripting vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. | 6.1 |
| 2022-05-25 | CVE-2022-27305 | Session Fixation vulnerability in Gibbonedu Gibbon Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. | 8.8 |