Every CVE whose affected-product data names Gibbonedu Gibbon, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-34598 — CVSS 9.8 (critical): Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the…
CVE-2024-24724 — CVSS 9.8 (critical): Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution…
CVE-2023-45878 — CVSS 9.8 (critical): GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require…
CVE-2024-24725 — CVSS 8.8 (high): Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the…
CVE-2022-27305 — CVSS 8.8 (high): Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.
CVE-2023-45880 — CVSS 7.2 (high): GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset…
CVE-2023-34599 — CVSS 6.1 (medium): Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary…
CVE-2021-40492 — CVSS 6.1 (medium): A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of…
CVE-2024-34831 — CVSS 6.1 (medium): cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter…
CVE-2023-45881 — CVSS 6.1 (medium): GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The…
CVE-2022-23871 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to…
CVE-2023-45879 — CVSS 5.4 (medium): GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.
CVE-2022-22868 — CVSS 4.8 (medium): Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script…
CVE-2024-51337 — CVSS 3.5 (low): Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive…