Core
by Gibbon
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-8207 | Hig | 0.46 | — | 0.00 | May 9, 2026 | Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation… | ||
| CVE-2021-40214 | Med | 0.35 | 5.4 | 0.01 | Sep 13, 2021 | Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component. | ||
| CVE-2022-22868 | Med | 0.31 | 4.8 | 0.01 | Jan 28, 2022 | Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters. | ||
| CVE-2024-34831 | 0.00 | — | 0.01 | Sep 10, 2024 | cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. |
- risk 0.46cvss —epss 0.00
Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145 feature. Successful exploitation…
- risk 0.35cvss 5.4epss 0.01
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
- risk 0.31cvss 4.8epss 0.01
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters.
- CVE-2024-34831Sep 10, 2024risk 0.00cvss —epss 0.01
cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.