CVE-2024-51337
https://notcve.org/view.php?id=CVE-2024-51337
21 Nov 2024 — Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php. • https://github.com/GibbonEdu/core • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34831 – GibbonEdu Core 26.0.00 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-34831
10 Sep 2024 — Cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. GibbonEdu Core version 26.0.00 suffers from a cross-site scripting vulnerability that can lead to privilege escalation. • https://packetstorm.news/files/id/181591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')