CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/10 9:39 p.m.•11 views

EUVD-2026-36170

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...

7.6CVSS5.3AI score0.0011EPSS

CNNVD•added 2026/06/10 12:0 a.m.•11 views

Xibo 跨站脚本漏洞

Xibo is a digital signage content management tool developed by Dan Garner. Versions of Xibo prior to 4.4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored XSS attacks and an Iframe sandbox escape chain, which could allow users with DataSet permissions to use...

7.6CVSS4.9AI score0.0011EPSS

RedhatCVE•added 2026/06/05 7:29 p.m.•6 views

CVE-2026-31956

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

4.3CVSS5.5AI score0.00265EPSS

RedhatCVE•added 2026/06/05 7:29 p.m.•8 views

CVE-2026-31953

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting XSS vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript...

6.4CVSS5.6AI score0.00141EPSS

RedhatCVE•added 2026/06/05 7:14 p.m.•6 views

CVE-2026-31952

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

8.1CVSS5.8AI score0.00246EPSS

RedhatCVE•added 2026/05/13 8:22 p.m.•6 views

CVE-2026-42141

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...

NVD•added 2026/05/12 6:17 p.m.•26 views

CVE-2026-42141

7.7CVSS0.00369EPSS

ATTACKERKB•added 2026/05/12 5:14 p.m.•4 views

CVE-2026-42141

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/12 5:14 p.m.•9 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

Cvelist•added 2026/05/12 5:14 p.m.•41 views

CVE-2026-42141 Xibo: Authenticated Server-Side Request Forgery (SSRF) in Library Upload via URL functionality

7.7CVSS0.00369EPSS

EUVD•added 2026/05/12 5:14 p.m.•8 views

EUVD-2026-29701

CNNVD•added 2026/05/12 12:0 a.m.•7 views

Xibo 代码问题漏洞

Xibo is a digital signage content management tool developed by Dan Garner personally. Versions of Xibo prior to 4.4.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgery attacks, which could allow authenticated users to scan internal infrastructure or...

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

Exploits1References2

PT-2026-40251

Packet Storm•added 2026/05/05 12:0 a.m.•45 views

Exploits1References2

📄 Xibo CMS SSTI / Remote Code Execution

Xibo CMS versions prior to 4.3.1 suffer from an authenticated remote code execution vulnerability via server-side template injection. Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/...

7.2CVSS6.5AI score0.00887EPSS

Exploits2

GithubExploit•added 2026/04/30 6:44 a.m.•72 views

Exploit for CVE-2026-42141

CVE-2026-42141 - xibo CMS SSRF SSRF vulnerability in Xibo CMS...

5.4AI score0.00369EPSS

Exploits1

Exploit DB•added 2026/04/29 12:0 a.m.•84 views

Xibo CMS 4.3.0 - RCE via SSTI

Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/ Software Link: https://github.com/xibosignage/xibo-cms/ Version: 4.3.1 Tested on: Linux Ubuntu 22.04 CVE : CVE-2025-62639 Article:...

7.2CVSS5.2AI score0.00887EPSS

Exploits2

RedhatCVE•added 2026/04/25 7:22 a.m.•3 views

CVE-2026-31955

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

4.9CVSS5.6AI score0.00282EPSS