Description

A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).

Remediation

References

CVE-2021-40492

Related Vulnerabilities

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.8)

MongoDb CVE-2024-6384 Vulnerability (CVE-2024-6384)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310)

Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)

MongoDb Improper Input Validation Vulnerability (CVE-2018-25004)

Severity

Medium

Classification

CVE-2021-40492 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities