Skip to main content

Xibo

15 CVEs product

Monthly

CVE-2025-62369 HIGH PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xibo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-43413 MEDIUM PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xibo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-43412 MEDIUM PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xibo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-41804 MEDIUM PATCH This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-41803 MEDIUM PATCH This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Xibo
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-41802 HIGH PATCH This Week

Xibo is a content management system (CMS). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Xibo
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-33181 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xibo
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-33180 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33179 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33178 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33177 HIGH POC PATCH This Week

Xibo is a content management system (CMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal PHP Xibo
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.1%
CVE-2013-4889 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP XSS Xibo
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-4888 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Xibo
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-4887 HIGH This Week

SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Xibo
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-5979 MEDIUM POC THREAT This Month

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.8%.

PHP Java Path Traversal Xibo
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
34.8%
EPSS 1% CVSS 7.2
HIGH PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xibo
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xibo
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Xibo is an open source digital signage platform with a web content management system (CMS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xibo
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Xibo
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Xibo
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Xibo is a content management system (CMS). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Xibo
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xibo
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
EPSS 7% CVSS 8.8
HIGH POC PATCH This Week

Xibo is a content management system (CMS). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal PHP +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP XSS +1
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Xibo
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Xibo
NVD
EPSS 35% CVSS 5.0
MEDIUM POC THREAT This Month

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.8%.

PHP Java Path Traversal +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy