CVE-2021-40214
MEDIUMGibbon v22.0.00 - Stored Cross-Site Scripting in Wall Messages Component
Title source: llmDescription
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
References (3)
Core 3
Core References
Product x_refsource_misc
https://gibbonedu.org/
Third Party Advisory x_refsource_misc
https://github.com/GibbonEdu/core/releases/download/v22.0.00/GibbonEduCore-InstallBundle.zip
Third Party Advisory x_refsource_misc
https://github.com/GibbonEdu/core/blob/v22.0.01/CHANGELOG.txt
Scores
CVSS v3
5.4
EPSS
0.0071
EPSS Percentile
48.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
gibbonedu/gibbon
22.0.00
Published
Sep 13, 2021
Tracked Since
Feb 18, 2026