gibbonedu CVE 脆弱性と CVE 一覧(16)

製品(CPE): — CVE 件数: 16

gibbonedu 脆弱性概要

gibbonedu 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk cross-site scripting、パス処理の欠陥、vendor risk csrf, and vendor risk memory corruption があり、vendor surface software deployment の利用場面で vendor impact session compromise、ファイル上書き, and vendor impact memory corruption などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 116 / 16 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-26211 Gibbon before 29.0.00 allows CSRF. [email protected] 3.7 0.16% 2025-05-27 2026-06-17
CVE-2024-51337 Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php. [email protected] 3.5 0.58% 2024-11-21 2026-06-17
CVE-2024-34831 cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. [email protected] 6.1 0.85% 2024-09-10 2026-06-17
CVE-2024-24724 Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code Execution because input is passed to the Twig template engine (messengerSettings.php) without sanitization. [email protected] 9.8 26.09% 2024-04-02 2026-06-17
CVE-2024-24725 Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI. [email protected] 8.8 51.32% 2024-03-23 2026-06-17
CVE-2023-45881 GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response. [email protected] 6.1 0.50% 2023-11-14 2026-06-17
CVE-2023-45880 GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot. [email protected] 7.2 1.21% 2023-11-14 2026-06-17
CVE-2023-45879 GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. [email protected] 5.4 0.46% 2023-11-14 2026-06-17
CVE-2023-45878 GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined fi [email protected] 9.8 63.11% 2023-11-14 2026-06-17
CVE-2023-34599 Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. [email protected] 6.1 1.85% 2023-06-29 2026-06-17
CVE-2023-34598 Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. [email protected] 9.8 47.24% 2023-06-29 2026-06-17
CVE-2022-27305 Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. [email protected] 8.8 1.01% 2022-05-25 2026-07-05
CVE-2022-23871 Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attackers to execute arbitrary web scripts or HTML via a crafted payload insterted into the name, category, description parameters. [email protected] 5.4 0.61% 2022-02-02 2026-06-17
CVE-2022-22868 Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. [email protected] 4.8 0.86% 2022-01-28 2026-06-17
CVE-2021-40214 Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. [email protected] 5.4 0.71% 2021-09-13 2026-06-17
CVE-2021-40492 A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). [email protected] 6.1 2.28% 2021-09-03 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence