Vulnerabilities > Gibbonedu > Gibbon > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-45879 | Cross-site Scripting vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. | 5.4 |
| 2023-11-14 | CVE-2023-45881 | Cross-site Scripting vulnerability in Gibbonedu Gibbon GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. | 6.1 |
| 2023-06-29 | CVE-2023-34599 | Cross-site Scripting vulnerability in Gibbonedu Gibbon 25.0.00 Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. | 6.1 |
| 2022-02-03 | CVE-2022-23871 | Cross-site Scripting vulnerability in Gibbonedu Gibbon 22.0.01 Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters. | 5.4 |
| 2022-01-28 | CVE-2022-22868 | Cross-site Scripting vulnerability in Gibbonedu Gibbon 22.0.01 Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. | 4.8 |
| 2021-09-13 | CVE-2021-40214 | Cross-site Scripting vulnerability in Gibbonedu Gibbon 22.0.00 Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. | 5.4 |
| 2021-09-03 | CVE-2021-40492 | Cross-site Scripting vulnerability in Gibbonedu Gibbon 22.0.00 A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). | 6.1 |