
xibo-cms — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in xibo-cms, with AI-generated Chinese analysis, references, and POCs.

Vendor: xibosignage

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-31956 | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | CWE-639 | 4.3 | Medium | 2026-04-24 |
| CVE-2026-31955 | Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality | CWE-918 | 4.9 | Medium | 2026-04-24 |
| CVE-2026-31953 | Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login | CWE-79 | 6.4 | Medium | 2026-04-24 |
| CVE-2026-31952 | Xibo CMS API has SQL Injection via DataSet Filter Parameter | CWE-89 | 7.6 | High | 2026-04-24 |
| CVE-2025-62369 | Xibo CMS: Remote Code Execution through module templates | CWE-94 | 7.2 | High | 2025-11-04 |
| CVE-2024-43413 | Xibo CMS XSS vulnerability using DataSet HTML columns | CWE-79 | 3.5 | Low | 2024-09-03 |
| CVE-2024-43412 | Xibo CMS XSS vulnerability when previewing files uploaded to the library containing HTML/JS | CWE-79 | 4.6 | Medium | 2024-09-03 |
| CVE-2024-41944 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS proof of play report | CWE-89 | 6.5 | Medium | 2024-07-30 |
| CVE-2024-41804 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Column Formula | CWE-89 | 6.5 | Medium | 2024-07-30 |
| CVE-2024-41803 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Filter | CWE-89 | 4.9 | Medium | 2024-07-30 |
| CVE-2024-41802 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Data Import | CWE-89 | 8.1 | High | 2024-07-30 |
| CVE-2024-29022 | Session Hijacking via XSS attack in header and session grid in Xibo CMS | CWE-79 | 8.8 | High | 2024-04-12 |
| CVE-2024-29023 | Session Hijacking via token exposure on the session page in Xibo CMS | CWE-200 | 7.2 | High | 2024-04-12 |
| CVE-2023-33181 | Sensitive Information Disclosure abusing Stack Trace in Xibo CMS | CWE-209 | 4.3 | Medium | 2023-05-30 |
| CVE-2023-33180 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS display map | CWE-89 | 6.5 | Medium | 2023-05-30 |
| CVE-2023-33179 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS nameFilter | CWE-89 | 6.5 | Medium | 2023-05-30 |
| CVE-2023-33178 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter | CWE-89 | 6.5 | Medium | 2023-05-30 |
| CVE-2023-33177 | Xibo CMS vulnerable to Remote Code Execution through Zip Slip | CWE-22 | 8.8 | High | 2023-05-30 |

All 18 known CVE vulnerabilities affecting xibo-cms with full Chinese analysis, references, and POCs where available.