3 matches found
CVE-2013-4887
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter...
CVE-2013-4889
Multiple cross-site request forgery CSRF vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new administrator via the AddUser action or 2 conduct cross-site scripting XSS attacks, as demonstrat...
CVE-2013-4889
CVE-2013-4889 is a vulnerability in Digital Signage Xibo 1.4.2 where CSRF in index.php can hijack administrator sessions by performing actions such as adding a new administrator via the AddUser action. The entry aggregates related issues, noting that this vulnerability enables requests performed ...