Primary

Context

Xibo Signage Xibo CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

Patched

A stored cross-site scripting vulnerability has been identified in Xibo Signage's Xibo CMS version 4.1.2. This issue arises from inadequate validation of user input, allowing attackers to inject malicious scripts. Exploitation requires creating a template in the 'Templates' section, adding a text element in the 'Global Elements' section, and then inserting the malicious payload into the 'Text' field.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, create a template in the 'Templates' section. Then, add a text element in the 'Global Elements' section. Finally, modify the 'Text' field with the malicious payload.

Remediation

Users can upgrade to Xibo CMS version 4.2.2 to address this vulnerability.

Added: Oct 10, 2025, 10:19 AM

Updated: Oct 10, 2025, 10:19 AM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.7

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

5.0

remediation

7.7

relevance

0.7

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Xibo Signage Xibo CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Xibo CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating