HTML Injection Vulnerability in GibbonEdu Gibbon by Gibbon
CVE-2023-45879

5.4MEDIUM

Key Information:

Vendor: Gibbonedu
Status: Gibbon
Vendor: CVE Published:; 14 November 2023

What is CVE-2023-45879?

The GibbonEdu Gibbon application, specifically in version 25.0.0, is susceptible to an HTML injection vulnerability. This issue allows attackers to exploit the Messager component by injecting malicious HTML content through an IFRAME element. Successful exploitation could lead to unauthorized access or manipulation of the application interface, thereby jeopardizing user data and system integrity.

References

https://herolab.usd.de/security-advisories/usd-2023-0019/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Oct 15, 2023

Gibbonedu

What is CVE-2023-45879?

References

CVSS V3.1

Timeline