Aziz0X48

**Name of the Vulnerable Software and Affected Versions** Gibbon versions prior to 28.0.00 **Description** The issue allows a remote attacker to obtain sensitive information via the `email` parameter found in the "/Gibbon/modules/User Admin/user manage editProcess.php" API endpoint. **Recommendations** For versions prior to 28.0.00, update to version 28.0.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/Gibbon/modules/User Admin/user manage editProcess.php" endpoint or avoiding the use of the `email` parameter until the issue is resolved.