Skip to main content

Gibbon

15 CVEs product

Monthly

CVE-2025-26211 LOW Monitor

Gibbon before 29.0.00 allows CSRF. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Gibbon
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2024-51337 LOW POC Monitor

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Gibbon
NVD GitHub
CVSS 3.1
3.5
EPSS
0.6%
CVE-2024-34831 MEDIUM POC This Month

cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS Gibbon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-24724 CRITICAL POC THREAT Act Now

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Ssti Gibbon
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
26.1%
CVE-2024-24725 HIGH POC THREAT Act Now

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Gibbon
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
51.3%
CVE-2023-45881 MEDIUM POC This Month

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS Gibbon
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-45880 HIGH POC This Week

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Gibbon
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-45879 MEDIUM POC This Month

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gibbon
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-45878 CRITICAL POC THREAT Act Now

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE PHP Gibbon
NVD
CVSS 3.1
9.8
EPSS
63.1%
CVE-2023-34599 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gibbon
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-34598 CRITICAL POC THREAT Act Now

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gibbon
NVD GitHub
CVSS 3.1
9.8
EPSS
47.2%
CVE-2022-27305 HIGH PATCH This Week

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation Gibbon
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-27311 Ruby CRITICAL PATCH Act Now

Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Gibbon
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-40214 MEDIUM This Month

Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gibbon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-40492 MEDIUM This Month

A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Gibbon
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
EPSS 0% CVSS 3.7
LOW Monitor

Gibbon before 29.0.00 allows CSRF. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Gibbon
NVD GitHub
EPSS 1% CVSS 3.5
LOW POC Monitor

Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Gibbon
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP XSS +1
NVD GitHub
EPSS 26% CVSS 9.8
CRITICAL POC THREAT Act Now

Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Ssti +1
NVD Exploit-DB
EPSS 51% CVSS 8.8
HIGH POC THREAT Act Now

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Gibbon
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS +1
NVD
EPSS 1% CVSS 7.2
HIGH POC This Week

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Gibbon
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gibbon
NVD
EPSS 63% CVSS 9.8
CRITICAL POC THREAT Act Now

GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gibbon
NVD GitHub
EPSS 47% CVSS 9.8
CRITICAL POC THREAT Act Now

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gibbon
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation Gibbon
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Gibbon
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gibbon
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM This Month

A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Gibbon
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy