CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-22868
https://notcve.org/view.php?id=CVE-2022-22868
28 Jan 2022 — Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. Se ha detectado que Gibbon CMS versión v22.0.01, contiene una vulnerabilidad de tipo cross-site scripting (XSS), que permite a atacantes inyectar script arbitrario por medio de parámetros name • https://github.com/GibbonEdu/core/issues/1594 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40214
https://notcve.org/view.php?id=CVE-2021-40214
13 Sep 2021 — Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. Gibbon versión v22.0.00, sufre una vulnerabilidad de tipo XSS almacenado dentro del componente wall messages • https://gibbonedu.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-40492
https://notcve.org/view.php?id=CVE-2021-40492
03 Sep 2021 — A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). Se presenta una vulnerabilidad de tipo XSS reflejada en varias páginas en versión 22 de la aplicación Gibbon que permite una ejecución arbitraria de JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate o allStudents a index.php) • https://github.com/5qu1n7/CVE-2021-40492 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •