xibosignage — Vulnerabilities & Security Advisories (18)

Browse all 18 CVE security advisories affecting xibosignage. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Xibosignage is an open-source digital signage platform used for managing and displaying content across networks. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The platform's 18 recorded CVEs highlight consistent security concerns, particularly in authentication mechanisms and input validation. While no major public security incidents have been widely documented, the accumulation of vulnerabilities over time suggests potential risks for organizations deploying the software without proper hardening. Users should implement strict access controls and regular updates to mitigate these known weaknesses.

Top products by xibosignage: xibo-cms

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-31956 | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | xibo-cms | CWE-639 | 4.3 | Medium | 2026-04-24 |
| CVE-2026-31955 | Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality | xibo-cms | CWE-918 | 4.9 | Medium | 2026-04-24 |
| CVE-2026-31953 | Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login | xibo-cms | CWE-79 | 6.4 | Medium | 2026-04-24 |
| CVE-2026-31952 | Xibo CMS API has SQL Injection via DataSet Filter Parameter | xibo-cms | CWE-89 | 7.6 | High | 2026-04-24 |
| CVE-2025-62369 | Xibo CMS: Remote Code Execution through module templates | xibo-cms | CWE-94 | 7.2 | High | 2025-11-04 |
| CVE-2024-43413 | Xibo CMS XSS vulnerability using DataSet HTML columns | xibo-cms | CWE-79 | 3.5 | Low | 2024-09-03 |
| CVE-2024-43412 | Xibo CMS XSS vulnerability when previewing files uploaded to the library containing HTML/JS | xibo-cms | CWE-79 | 4.6 | Medium | 2024-09-03 |
| CVE-2024-41944 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS proof of play report | xibo-cms | CWE-89 | 6.5 | Medium | 2024-07-30 |
| CVE-2024-41804 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Column Formula | xibo-cms | CWE-89 | 6.5 | Medium | 2024-07-30 |
| CVE-2024-41803 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Filter | xibo-cms | CWE-89 | 4.9 | Medium | 2024-07-30 |
| CVE-2024-41802 | Xibo allows Sensitive Information Disclosure abusing SQL Injection in Xibo CMS DataSet Data Import | xibo-cms | CWE-89 | 8.1 | High | 2024-07-30 |
| CVE-2024-29022 | Session Hijacking via XSS attack in header and session grid in Xibo CMS | xibo-cms | CWE-79 | 8.8 | High | 2024-04-12 |
| CVE-2024-29023 | Session Hijacking via token exposure on the session page in Xibo CMS | xibo-cms | CWE-200 | 7.2 | High | 2024-04-12 |
| CVE-2023-33181 | Sensitive Information Disclosure abusing Stack Trace in Xibo CMS | xibo-cms | CWE-209 | 4.3 | Medium | 2023-05-30 |
| CVE-2023-33180 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS display map | xibo-cms | CWE-89 | 6.5 | Medium | 2023-05-30 |
| CVE-2023-33179 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS nameFilter | xibo-cms | CWE-89 | 6.5 | Medium | 2023-05-30 |
| CVE-2023-33178 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter | xibo-cms | CWE-89 | 6.5 | Medium | 2023-05-30 |
| CVE-2023-33177 | Xibo CMS vulnerable to Remote Code Execution through Zip Slip | xibo-cms | CWE-22 | 8.8 | High | 2023-05-30 |

This page lists every published CVE security advisory associated with xibosignage. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.