CVE-2024-51337
https://notcve.org/view.php?id=CVE-2024-51337
21 Nov 2024 — Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php. • https://github.com/GibbonEdu/core • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34831 – GibbonEdu Core 26.0.00 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-34831
10 Sep 2024 — A cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. GibbonEdu Core version 26.0.00 suffers from a cross-site scripting vulnerability that can lead to privilege escalation. • https://packetstorm.news/files/id/181591 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-27311
https://notcve.org/view.php?id=CVE-2022-27311
25 Apr 2022 — Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL. • https://github.com/amro/gibbon/commit/b2eb99ed304d7491a6d348a5bbdc83a008fc6e0b • CWE-918: Server-Side Request Forgery (SSRF)