WEB APPLICATION VULNERABILITIES Standard & Premium

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45879)

Description

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.

Remediation

References

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-28329)

osCommerce Other Vulnerability (CVE-2005-1951)

LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43331)

WordPress Plugin ShareThis Dashboard for Google Analytics Cross-Site Scripting (2.5.1)

Severity

Medium

Classification

CVE-2023-45879 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities