CVE-2023-34599

MEDIUM NUCLEI

Gibbon 25.0.0 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-34599. PoCs published by maddsec. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a proof-of-concept for multiple reflected XSS vulnerabilities in Gibbon v25.0.0. The PoC demonstrates how arbitrary JavaScript can be executed via various URL parameters due to insufficient input sanitization.

Description

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary JavaScript code.

Exploits (1)

nomisec WORKING POC 4 stars
by maddsec · poc
https://github.com/maddsec/CVE-2023-34599

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Gibbon v25.0.0
No auth needed
Prerequisites: Access to a vulnerable Gibbon instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Gibbon v25.0.0 - Cross-Site Scripting
MEDIUM · by ritikchaddha
Shodan: http.favicon.hash:-165631681 || http.favicon.hash:"-165631681"
FOFA: icon_hash="-165631681"

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/maddsec/CVE-2023-34599

Scores

CVSS v3 6.1
EPSS 0.0169
EPSS Percentile 74.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
gibbonedu/gibbon 25.0.00
Published Jun 29, 2023
Tracked Since Feb 18, 2026