CVE-2021-40492
MEDIUM
Gibbon 22 - Reflected Cross-Site Scripting via gibbonCourseClassID Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-40492. PoCs published by 5qu1n7.
AI-analyzed exploit summary: This repository contains a working proof-of-concept for CVE-2021-40492, demonstrating reflected XSS vulnerabilities in Gibbon version 22. The payloads exploit multiple parameters to execute arbitrary JavaScript.
Description
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N