📄 Gibbon 14.0.01 Frame Injection_PACKETSTORM:214762

Description

Frame injection vulnerabilities exist in Gibbon version 14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application. This issue is older research added to the archive...

Visit Original Source

Basic Information

ID PACKETSTORM:214762

Published Feb 2, 2026 at 00:00

Affected Product

Affected Versions Gibbon v14.0.01 - Frame Injection Vulnerabilities
Advisory ID: RO-18-012
Severity: Medium
Vendor: Gibbon
Product: Gibbon
Version: v14.0.01

Overview #

Frame Injection vulnerabilities exist in Gibbon v14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application.

Vulnerability Details #

Affected Versions: v14.0.01 and earlier

Root Cause: Insufficient input validation allows attackers to inject iframe elements.
Technical Details #

Install Page:

URL: /gibbon-install/installer/install.php?step=2
Parameters: databaseServer, databaseUsername (POST)
Attack Pattern: <iframe src="http://attacker.com/"></iframe>

Frontend:

URL: /core/index.php?q=/modules/Resources/resources_view.php
Parameter: tag (GET)
Attack Pattern: <iframe src="http://attacker.com/"></iframe>

Exploitation Requirements #

No authentication required for frontend vulnerability
Access to install page (typically restricted)

Impact #

Remote attackers can exploit these vulnerabilities to:

Inject malicious frames into the application
Perform clickjacking attacks
Load external malicious content

Solution #

Update to a patched version of Gibbon.

References #

Invicti Advisory NS-18-002

Timeline:

[2018-01-17] - First Contact
[2018-01-20] - Vendor Fixed
[2018-06-28] - Advisory Released

Credits: Omar Kurt

{
    "lastseen": "2026-02-02T18:33:38",
    "description": "Frame injection vulnerabilities exist in Gibbon version 14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application. This issue is older research added to the archive...",
    "published": "2026-02-02T00:00:00",
    "modified": "2026-02-02T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Gibbon 14.0.01 Frame Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:214762",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "Gibbon v14.0.01 - Frame Injection Vulnerabilities\n    Advisory ID: RO-18-012\n    Severity: Medium\n    Vendor: Gibbon\n    Product: Gibbon\n    Version: v14.0.01\n    \n    \n    Overview #\n    \n    Frame Injection vulnerabilities exist in Gibbon v14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application.\n    \n    \n    Vulnerability Details #\n    \n    Affected Versions: v14.0.01 and earlier\n    \n    Root Cause: Insufficient input validation allows attackers to inject iframe elements.\n    Technical Details #\n    \n    Install Page:\n    \n        URL: /gibbon-install/installer/install.php?step=2\n        Parameters: databaseServer, databaseUsername (POST)\n        Attack Pattern: <iframe src=\"http://attacker.com/\"></iframe>\n    \n    Frontend:\n    \n        URL: /core/index.php?q=/modules/Resources/resources_view.php\n        Parameter: tag (GET)\n        Attack Pattern: <iframe src=\"http://attacker.com/\"></iframe>\n    \n    \n    \n    Exploitation Requirements #\n    \n        No authentication required for frontend vulnerability\n        Access to install page (typically restricted)\n    \n    Impact #\n    \n    Remote attackers can exploit these vulnerabilities to:\n    \n        Inject malicious frames into the application\n        Perform clickjacking attacks\n        Load external malicious content\n    \n    \n    \n    Solution #\n    \n    Update to a patched version of Gibbon.\n    \n    \n    References #\n    \n        Invicti Advisory NS-18-002\n    \n    Timeline:\n    \n        [2018-01-17] - First Contact\n        [2018-01-20] - Vendor Fixed\n        [2018-06-28] - Advisory Released\n    \n    Credits: Omar Kurt",
    "sourceHref": "https://packetstorm.news/download/214762",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/214762/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply