Description
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).
Remediation
References
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2017-7189)
Django 7PK - Security Features Vulnerability (CVE-2016-7401)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4792)
Apache Tomcat Other Vulnerability (CVE-2007-3383)
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2023-5678)