Description
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).
Remediation
References
Related Vulnerabilities
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.34)
WordPress Plugin Catch Breadcrumb Cross-Site Scripting (1.5.4)
WordPress Plugin Contact Form DB-Elementor Cross-Site Request Forgery (1.5)
Liferay Portal CVE-2020-13444 Vulnerability (CVE-2020-13444)
WordPress Plugin User Submitted Posts Arbitrary File Upload (20190426)