VYPR

Core

by Gibbon

Source repositories

CVEs (4)

  • CVE-2026-8207HigMay 9, 2026
    risk 0.46cvss epss 0.00

    Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation…

  • CVE-2021-40214MedSep 13, 2021
    risk 0.35cvss 5.4epss 0.01

    Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.

  • CVE-2022-22868MedJan 28, 2022
    risk 0.31cvss 4.8epss 0.01

    Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters.

  • CVE-2024-34831Sep 10, 2024
    risk 0.00cvss epss 0.01

    cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.