Gibbon v14.0.01 - Frame Injection Vulnerabilities
Advisory ID: RO-18-012
Severity: Medium
Vendor: Gibbon
Product: Gibbon
Version: v14.0.01
Overview
Frame Injection vulnerabilities exist in Gibbon v14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application.
Vulnerability Details
Affected Versions: v14.0.01 and earlier
Root Cause: Insufficient input validation allows attackers to inject iframe elements.
Technical Details
Install Page:
URL: /gibbon-install/installer/install.php?step=2
Parameters: databaseServer, databaseUsername (POST)
Attack Pattern: <iframe src="http://attacker.com/"></iframe>
Frontend:
URL: /core/index.php?q=/modules/Resources/resources_view.php
Parameter: tag (GET)
Attack Pattern: <iframe src="http://attacker.com/"></iframe>
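The two findings above share one defect: a request parameter is reflected into the page without output encoding. The following Python is an added illustration (not Gibbon code and not part of the advisory) of the vulnerable reflection beside the encoded form, plus a log check that flags requests to the affected frontend endpoint whose tag parameter decodes to an iframe element; the log lines and the second module path are constructed for the example.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The attack pattern quoted in the advisory, as it would arrive in 'tag'.
ATTACK_TAG = '<iframe src="http://attacker.com/"></iframe>'

def render_vulnerable(tag: str) -> str:
    """Reflects the parameter verbatim: the behaviour the advisory describes."""
    return f"<h2>Resources tagged: {tag}</h2>"

def render_fixed(tag: str) -> str:
    """HTML-context output encoding: '<', '>' and quotes become entities,
    so the browser shows the text instead of creating a frame."""
    return f"<h2>Resources tagged: {html.escape(tag, quote=True)}</h2>"

def contains_frame(markup: str) -> bool:
    """Does the rendered HTML contain a live <iframe> start tag?"""
    return re.search(r"<\s*iframe\b", markup, re.IGNORECASE) is not None

# Endpoint named in the advisory's 'Frontend' finding.
AFFECTED_PATH = "/core/index.php"
AFFECTED_Q = "/modules/Resources/resources_view.php"

def flag_request(request_line: str) -> bool:
    """True if an access-log request line targets the affected endpoint with
    an iframe element in 'tag' (single- or double-URL-encoded)."""
    method, target, *_ = request_line.split()
    parts = urlsplit(target)
    if parts.path != AFFECTED_PATH:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("q", [""])[0] != AFFECTED_Q:
        return False
    # parse_qs already decoded once; a second unquote catches double encoding.
    return any(contains_frame(unquote(v)) for v in params.get("tag", []))

# Constructed log lines (not real traffic); the Example module path is a placeholder.
SAMPLE_LOG = [
    "GET /core/index.php?q=/modules/Resources/resources_view.php&tag=Maths HTTP/1.1",
    "GET /core/index.php?q=/modules/Resources/resources_view.php"
    "&tag=%3Ciframe%20src%3D%22http%3A%2F%2Fattacker.com%2F%22%3E%3C%2Fiframe%3E HTTP/1.1",
    "GET /core/index.php?q=/modules/Example/example_view.php&tag=%3Ciframe%3E HTTP/1.1",
]

def flagged_indices(log_lines=SAMPLE_LOG):
    """Indices of log lines that match the affected endpoint and payload."""
    return [i for i, line in enumerate(log_lines) if flag_request(line)]

if __name__ == "__main__":
    print(contains_frame(render_vulnerable(ATTACK_TAG)))  # True: frame survives
    print(contains_frame(render_fixed(ATTACK_TAG)))       # False: encoded away
    print(flagged_indices())                              # [1]
```

The third sample line carries the same payload but a different module, so it is deliberately not flagged; widen AFFECTED_Q only if your own review confirms the reflection exists elsewhere.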
Exploitation Requirements
No authentication required for frontend vulnerability
Access to install page (typically restricted)
Impact
Remote attackers can exploit these vulnerabilities to:
Inject malicious frames into the application
Perform clickjacking attacks
Load external malicious content
Solution
Update to a patched version of Gibbon.
References
Invicti Advisory NS-18-002
Timeline:
[2018-01-17] - First Contact
[2018-01-20] - Vendor Fixed
[2018-06-28] - Advisory Released
Credits: Omar Kurt