Xibosignage

Xibo

13 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-43413

  • EPSS 0.19%
  • Published 03.09.2024 19:15:14
  • Last modified 12.09.2024 20:18:46

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users ca...

5.4

CVE-2024-43412

  • EPSS 0.2%
  • Published 03.09.2024 17:15:14
  • Last modified 12.09.2024 20:20:56

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function...

6.5

CVE-2024-41944

  • EPSS 0.15%
  • Published 30.07.2024 17:15:13
  • Last modified 21.11.2024 09:33:19

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database ...

8.1

CVE-2024-41802

  • EPSS 0.5%
  • Published 30.07.2024 16:15:04
  • Last modified 21.11.2024 09:33:06

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo datab...

4.9

CVE-2024-41803

  • EPSS 0.39%
  • Published 30.07.2024 16:15:04
  • Last modified 21.11.2024 09:33:06

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain arbitrary data from the Xibo database by inje...

6.5

CVE-2024-41804

  • EPSS 0.4%
  • Published 30.07.2024 16:15:04
  • Last modified 21.11.2024 09:33:06

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data ...

8.8

CVE-2024-29022

  • EPSS 0.12%
  • Published 12.04.2024 21:15:11
  • Last modified 21.11.2024 09:07:23

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These heade...

7.2

CVE-2024-29023

  • EPSS 0.11%
  • Published 12.04.2024 21:15:11
  • Last modified 21.11.2024 09:07:23

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated a...

6.5

CVE-2023-33179

  • EPSS 0.28%
  • Published 30.05.2023 21:15:09
  • Last modified 21.11.2024 08:05:03

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data f...

6.5

CVE-2023-33180

  • EPSS 0.28%
  • Published 30.05.2023 21:15:09
  • Last modified 21.11.2024 08:05:03

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from th...