PT-2023-29740 · Gibbonedu · Gibbon

Christian Poeschl · Published 2023-11-13 · Updated 2023-11-17 · CVE-2023-45879

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GibbonEdu Gibbon version 25.0.0

Description

The issue allows HTML Injection via an IFRAME element to the Messager component. This can potentially lead to malicious code execution.

Recommendations

For GibbonEdu Gibbon version 25.0.0, consider disabling the Messager component until a patch is available to prevent HTML Injection via an IFRAME element.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-45879

Affected Products

Gibbon