PT-2024-26228 · Unknown · Gibbon Core
Christian Bajada · Published 2024-09-08 · Updated 2025-07-17 · CVE-2024-34831
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Gibbon Core version 26.0.00
Description
A cross-site scripting (XSS) issue allows an attacker to execute arbitrary code via the imageLink parameter in the library manage catalog editProcess.php component. This could potentially lead to unauthorized actions on the affected system.
Recommendations
For Gibbon Core version 26.0.00, consider restricting access to the library manage catalog editProcess.php component until a patch is available, and avoid using the imageLink parameter in this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Gibbon Core