Xibo CMS Preview and Export Vulnerability Allowing Unauthorized Report Access

Vulnerability

A vulnerability in Xibo CMS, an open-source digital signage platform, allows authenticated users to access and export reports belonging to other users. This issue affects versions of Xibo CMS through 4.4.0. The vulnerability arises because a user can manually construct URLs to preview campaigns or regions and to export saved reports, and these requests succeed because proper authorization checks are missing at the controller level. Users with privileges to manage layouts, campaigns, or reports can exploit this vulnerability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to and export of reports belonging to other users.

Remediation

Users should upgrade to Xibo CMS version 4.4.1, which addresses this vulnerability.

Added: Apr 24, 2026, 1:23 AM
Updated: Apr 24, 2026, 1:23 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 1.3
exploitability: 4.9
remediation: 7.7
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.