Xibosignage

Xibo

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-31956

  • EPSS 0.27%
  • Veröffentlicht 24.04.2026 01:16:11
  • Zuletzt bearbeitet 27.04.2026 14:44:42

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved repor...

4.9

CVE-2026-31955

  • EPSS 0.28%
  • Veröffentlicht 24.04.2026 01:16:11
  • Zuletzt bearbeitet 27.04.2026 14:43:43

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 4.4.1 allows users with DataSet permissio...

5.4

CVE-2026-31953

  • EPSS 0.14%
  • Veröffentlicht 24.04.2026 01:16:11
  • Zuletzt bearbeitet 27.04.2026 14:43:00

Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 allows an authenticated user with notification crea...

8.1

CVE-2026-31952

  • EPSS 0.25%
  • Veröffentlicht 24.04.2026 00:16:27
  • Zuletzt bearbeitet 27.04.2026 14:33:15

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSe...

7.2

CVE-2025-62369

  • EPSS 0.89%
  • Veröffentlicht 04.11.2025 21:18:38
  • Zuletzt bearbeitet 08.12.2025 13:30:12

Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated use...

4.8

CVE-2024-43413

  • EPSS 0.26%
  • Veröffentlicht 03.09.2024 19:15:14
  • Zuletzt bearbeitet 12.09.2024 20:18:46

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users ca...

5.4

CVE-2024-43412

  • EPSS 0.26%
  • Veröffentlicht 03.09.2024 17:15:14
  • Zuletzt bearbeitet 12.09.2024 20:20:56

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function...

6.5

CVE-2024-41944

  • EPSS 0.44%
  • Veröffentlicht 30.07.2024 17:15:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database ...

8.1

CVE-2024-41802

  • EPSS 0.46%
  • Veröffentlicht 30.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:33:06

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo datab...

6.5

CVE-2024-41804

  • EPSS 0.44%
  • Veröffentlicht 30.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:33:06

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data ...