CVE-2021-40492

MEDIUM

Gibbon 22 - XSS

Title source: llm

Description

A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application, allowing arbitrary JavaScript execution via the gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents parameter to index.php.

Exploits (1)

nomisec WORKING POC 1 stars
by 5qu1n7 · poc
https://github.com/5qu1n7/CVE-2021-40492

References (2)

Core References
Vendor Advisory x_refsource_misc
https://gibbonedu.org/
Third Party Advisory x_refsource_misc
https://github.com/5qu1n7/CVE-2021-40492

Scores

CVSS v3 6.1
EPSS 0.0997
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
gibbonedu/gibbon 22.0.00
Published Sep 03, 2021
Tracked Since Feb 18, 2026