Description

A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).

Remediation

References

CVE-2021-40492

Related Vulnerabilities

Oracle Database Server Create Session privilege issue (CVE-2021-1993)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5490)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000169)

MySQL CVE-2021-2046 Vulnerability (CVE-2021-2046)

Apache 2.x version older than 2.0.45

Severity

Medium

Classification

CVE-2021-40492 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities