WEB APPLICATION VULNERABILITIES Standard & Premium

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45879)

Description

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.

Remediation

References

Related Vulnerabilities

CubeCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3724)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1754)

WordPress Plugin Login or Logout Menu Item Security Bypass (1.1.1)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4302)

WordPress Plugin Yasr-Yet Another Stars Rating SQL Injection (0.9.0)

Severity

Medium

Classification

CVE-2023-45879 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities