Lucene search

PRIOn knowledge basePRION:CVE-2023-33181

HistoryMay 30, 2023 - 9:15 p.m.

Code injection

2023-05-3021:15:00

PRIOn knowledge base

www.prio-n.com

code injection

xibo cms

api

security vulnerability

sensitive information

upgrade

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.

CPENameOperatorVersion
xiboge3.0.0
xibolt3.3.5

CPE	Name	Operator	Version
	xibo	ge	3.0.0
	xibo	lt	3.3.5

References

claroty.com/team82/disclosure-dashboard

github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m

xibosignage.com/blog/security-advisory-2023-05/