gibbonedu gibbon

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-26211
< 29.0.00
Gibbon before 29.0.00 allows CSRF.
3.7 LOW
CVE-2024-51337
< 27.0.01
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive
3.5 LOW
CVE-2024-34831
all versions
Cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink pa
6.1 MEDIUM
CVE-2024-24724
<= 26.0.00
Gibbon through 26.0.00 allows /modules/School%20Admin/messengerSettings.php Server Side Template Injection leading to Remote Code
9.8 CRITICAL
CVE-2024-24725
<= 26.0.00
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request
8.8 HIGH
CVE-2023-45881
<= 25.0.00
GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS.
6.1 MEDIUM
CVE-2023-45880
<= 25.0.00
GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new A
7.2 HIGH
CVE-2023-45879
<= 25.0.00
GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component.
5.4 MEDIUM
CVE-2023-45878
<= 25.0.01
GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require au
9.8 CRITICAL
CVE-2023-34599
all versions
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbi
6.1 MEDIUM
CVE-2023-34598
all versions
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present i
9.8 CRITICAL
CVE-2022-27305
< 23.0.02
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixa
8.8 HIGH
CVE-2022-27311
< 3.4.4
Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.
9.8 CRITICAL
CVE-2022-23871
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the component outcomes_addProcess.php of Gibbon CMS v22.0.01 allow attacker
5.4 MEDIUM
CVE-2022-22868
all versions
Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrar
4.8 MEDIUM
CVE-2021-40214
all versions
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
5.4 MEDIUM
CVE-2021-40492
all versions
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution
6.1 MEDIUM