CVE-2026-31953

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...

CVE-2026-31953 Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...

CVE-2026-31953

Xibo CMS contains a stored XSS in the notification body prior to version 4.4.1. An authenticated user with notification-creation privileges can inject JavaScript; if the notification is marked as an interrupt, the payload executes in targeted users’ browsers on login with zero user interaction. E...

PT-2026-34812

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...

CVE-2025-38048

CVE-2025-38048 is a Linux kernel data-race in virtio_ring related to event_triggered. The issue, observed as a KCSAN data race between virtqueue_enable_cb_delayed() and virtqueue_disable_cb_split/packed() when the event_triggered flag is read/written, could cause an unreliable hint about interrup...

PT-2025-25823

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A data-race issue has been identified in the Linux kernel, specifically in the virtio ring component. The issue occurs when accessing the event triggered variable, which can lead to a ra...