CVE-2026-31953 Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...

CVE-2025-28245

Cross-site scripting XSS vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body...

PT-2025-29130 · Alteryx · Alteryx Server

Name of the Vulnerable Software and Affected Versions: Alteryx Server version 2023.1.1.460 Description: A cross-site scripting XSS issue exists in Alteryx Server. This allows remote attackers to inject arbitrary web script or HTML through the notification body. Recommendations: Update Alteryx...

CVE-2025-28245

CVE-2025-28245 affects Alteryx Server 2023.1.1.460 with an XSS flaw that originates in the notification body, allowing remote attackers to inject arbitrary web script or HTML. The CVSSv3.1 base score is 6.1 (MEDIUM): Network attack vector, no privileges, user interaction required, with partial im...

Alteryx Server 跨站脚本漏洞

Alteryx Server is a cloud-hosted or self-hosted application from Alteryx, Inc. for publishing, sharing and executing workflows. A security vulnerability exists in Alteryx Server version 2023.1.1.460, which originates in the body of the notification and could allow a remote attacker to inject...