CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45879
https://notcve.org/view.php?id=CVE-2023-45879
14 Nov 2023 — GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. GibbonEdu Gibbon versión 25.0.0 permite la inyección de HTML a través de un elemento IFRAME al componente Messager. • https://herolab.usd.de/security-advisories/usd-2023-0019 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45880
https://notcve.org/view.php?id=CVE-2023-45880
14 Nov 2023 — GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot. GibbonEdu Gibbon hasta la versión 25.0.0 permite el Directory Traversal a través del generador de plantillas de informes. • https://herolab.usd.de/security-advisories/usd-2023-0022 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45878
https://notcve.org/view.php?id=CVE-2023-45878
14 Nov 2023 — GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. • https://herolab.usd.de/security-advisories/usd-2023-0025 • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45881
https://notcve.org/view.php?id=CVE-2023-45881
14 Nov 2023 — GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response. GibbonEdu Gibbon hasta la versión 25.0.0 permite la carga de archivos /modules/Planner/resources_addQuick_ajaxProcess.php con el XSS resultante. El parámetro imageAsLinks debe establecerse en Y para devolver código HTML. • https://herolab.usd.de/security-advisories/usd-2023-0024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 22%CPEs: 1EXPL: 2CVE-2023-34598
https://notcve.org/view.php?id=CVE-2023-34598
29 Jun 2023 — Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. • https://github.com/maddsec/CVE-2023-34598 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34599
https://notcve.org/view.php?id=CVE-2023-34599
29 Jun 2023 — Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. • https://github.com/maddsec/CVE-2023-34599 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •