Cross-Site Scripting Vulnerabilities in Gibbon by Gibbon Community
CVE-2023-34599

6.1MEDIUM

Key Information:

Vendor: Gibbonedu
Status: Gibbon
Vendor: CVE Published:; 29 June 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 33%

What is CVE-2023-34599?

Multiple Cross-Site Scripting vulnerabilities in Gibbon version v25.0.0 allow attackers to inject and execute arbitrary JavaScript. This presents significant security risks as it can lead to critical data breaches and unauthorized actions on behalf of users. Timely updates and security patches are essential to mitigate these vulnerabilities and ensure the integrity of web applications using Gibbon.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-34599
Created by maddsec

References

https://github.com/maddsec/CVE-2023-34599

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2023
🟡
Public PoC available
Jun 23, 2023
👾
Exploit known to exist
Jun 23, 2023
Vulnerability Reserved
Jun 7, 2023

Gibbonedu