CVE-2013-4889

2014-01-29T13:55:26
ID CVE-2013-4889
Type cve
Reporter NVD
Modified 2014-02-21T14:15:01

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.