A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).Referenceshttps://gibbonedu.org/https://github.com/5qu1n7/CVE-2021-40492
