Xibo@* Security Vulnerabilities and Issues — Xibo@* CVE List

Lucene search

XibosignageXibo*

8 matches found

CVE•added 2024/07/30 5:15 p.m.•79 views

CVE-2024-41944

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the report/data/proofofplayReport API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the sor...

6.5CVSS6.7AI score0.00164EPSS

CVE•added 2024/07/30 4:15 p.m.•76 views

CVE-2024-41803

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain arbitrary data from the Xibo database by injecting specially crafted values in to the API for ...

4.9CVSS5.5AI score0.00321EPSS

CVE•added 2024/07/30 4:15 p.m.•72 views

CVE-2024-41804

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially cra...

6.5CVSS6.7AI score0.00321EPSS

CVE•added 2024/07/30 4:15 p.m.•69 views

CVE-2024-41802

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to t...

8.1CVSS8.3AI score0.0039EPSS

CVE•added 2024/04/12 9:15 p.m.•67 views

CVE-2024-29023

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be grante...

7.2CVSS6.8AI score0.0008EPSS

CVE•added 2024/09/03 5:15 p.m.•45 views

CVE-2024-43412

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xib...

5.4CVSS5.1AI score0.00198EPSS

CVE•added 2024/04/12 9:15 p.m.•39 views

CVE-2024-29022

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into ...

8.8CVSS6.4AI score0.00085EPSS

CVE•added 2024/09/03 7:15 p.m.•34 views

CVE-2024-43413

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which conta...

4.8CVSS4.3AI score0.00186EPSS