Xibosignage

Xibo

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-43413

  • EPSS 0.19%
  • Veröffentlicht 03.09.2024 19:15:14
  • Zuletzt bearbeitet 12.09.2024 20:18:46

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users ca...

5.4

CVE-2024-43412

  • EPSS 0.2%
  • Veröffentlicht 03.09.2024 17:15:14
  • Zuletzt bearbeitet 12.09.2024 20:20:56

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function...

6.5

CVE-2024-41944

  • EPSS 0.15%
  • Veröffentlicht 30.07.2024 17:15:13
  • Zuletzt bearbeitet 21.11.2024 09:33:19

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database ...

8.1

CVE-2024-41802

  • EPSS 0.5%
  • Veröffentlicht 30.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:33:06

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo datab...

4.9

CVE-2024-41803

  • EPSS 0.39%
  • Veröffentlicht 30.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:33:06

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain arbitrary data from the Xibo database by inje...

6.5

CVE-2024-41804

  • EPSS 0.4%
  • Veröffentlicht 30.07.2024 16:15:04
  • Zuletzt bearbeitet 21.11.2024 09:33:06

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data ...

8.8

CVE-2024-29022

  • EPSS 0.12%
  • Veröffentlicht 12.04.2024 21:15:11
  • Zuletzt bearbeitet 21.11.2024 09:07:23

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These heade...

7.2

CVE-2024-29023

  • EPSS 0.11%
  • Veröffentlicht 12.04.2024 21:15:11
  • Zuletzt bearbeitet 21.11.2024 09:07:23

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated a...

6.5

CVE-2023-33179

  • EPSS 0.28%
  • Veröffentlicht 30.05.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:05:03

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data f...

6.5

CVE-2023-33180

  • EPSS 0.28%
  • Veröffentlicht 30.05.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 08:05:03

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from th...