Lucene search
K

6 matches found

NVD
NVD
added 2014/01/29 6:55 p.m.19 views

CVE-2013-4889

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...

6.8CVSS6.4AI score0.0091EPSS
Exploits3References1
Prion
Prion
added 2014/01/29 6:55 p.m.15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...

6.8CVSS6.7AI score0.01474EPSS
Exploits4References1Affected Software1
CVE
CVE
added 2014/01/29 6:0 p.m.52 views

CVE-2013-4889

CVE-2013-4889 is a vulnerability in Digital Signage Xibo 1.4.2 where CSRF in index.php can hijack administrator sessions by performing actions such as adding a new administrator via the AddUser action. The entry aggregates related issues, noting that this vulnerability enables requests performed ...

6.8CVSS6.5AI score0.0091EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2014/01/29 6:0 p.m.52 views

CVE-2013-4888

CVE-2013-4888 (Digital Signage Xibo 1.4.2) is a documented XSS in index.php via the layout parameter on the layout page; CVE-2013-4889 describes CSRF that can hijack admin actions (e.g., AddUser) and, as noted, can enable XSS through the same page. Exploitation details are present (e.g., CSRF exp...

4.3CVSS5.7AI score0.01474EPSS
Exploits3References1Affected Software1
exploitpack
exploitpack
added 2013/08/21 12:0 a.m.30 views

Xibo - Cross-Site Request Forgery

Xibo - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/62064/info Xibo is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks...

6.8CVSS0.9AI score0.01474EPSS
Exploits4
Circl
Circl
added 2013/08/21 12:0 a.m.12 views

CVE-2013-4888

creationtimestamp| type| source ---|---|--- 2013-08-21 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38745...

4.3CVSS6.8AI score0.01474EPSS
Exploits3References1
Rows per page
Query Builder