Skip to main content

Gibbon CVE-2023-34599

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-06-29 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 29, 2023 - 15:15 nvd
MEDIUM 6.1

DescriptionNVD

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.

AnalysisAI

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. Affected products include: Gibbonedu Gibbon.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Gibbon

View all
CVE-2024-24725 HIGH POC
8.8 Mar 23

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POS

CVE-2024-24724 CRITICAL POC
9.8 Apr 03

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Re

CVE-2023-45878 CRITICAL POC
9.8 Nov 14

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not

CVE-2023-34598 CRITICAL POC
9.8 Jun 29

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files

CVE-2023-45880 HIGH POC
7.2 Nov 14

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. Rated high severity

CVE-2024-34831 MEDIUM POC
6.1 Sep 10

cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the im

CVE-2023-45881 MEDIUM POC
6.1 Nov 14

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resu

CVE-2022-27311 CRITICAL
9.8 Apr 25

Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. Rated critic

CVE-2023-45879 MEDIUM POC
5.4 Nov 14

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. Rated medium seve

CVE-2022-27305 HIGH
8.8 May 25

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to se

CVE-2024-51337 LOW POC
3.5 Nov 21

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain

CVE-2021-40492 MEDIUM
6.1 Sep 03

A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary

Share

CVE-2023-34599 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy