Reflected XSS Vulnerability in Gibbon Application Version 22
CVE-2021-40492

6.1MEDIUM

Key Information:

Vendor: Gibbonedu
Status: Gibbon
Vendor: CVE Published:; 3 September 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 15%

What is CVE-2021-40492?

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in version 22 of the Gibbon application. Exploitation of this vulnerability allows an attacker to inject and execute arbitrary JavaScript code through input parameters such as gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents, affecting multiple pages of the application. This could potentially lead to unauthorized actions and compromise user data and session integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-40492
Created by 5qu1n7

References

https://gibbonedu.org/

x_refsource_MISC

https://github.com/5qu1n7/CVE-2021-40492

x_refsource_MISC

EPSS Score

15% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2021
Vulnerability Reserved
Sep 3, 2021
🟡
Public PoC available
Sep 2, 2021
👾
Exploit known to exist
Sep 2, 2021

Gibbonedu