CVE-2023-33181
- EPSS 0.24%
- Veröffentlicht 30.05.2023 21:15:09
- Zuletzt bearbeitet 21.11.2024 08:05:03
Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that...
CVE-2023-33177
- EPSS 3.42%
- Veröffentlicht 30.05.2023 20:15:10
- Zuletzt bearbeitet 21.11.2024 08:05:03
Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of fil...
CVE-2023-33178
- EPSS 0.2%
- Veröffentlicht 30.05.2023 20:15:10
- Zuletzt bearbeitet 21.11.2024 08:05:03
Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfil...