Description

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which contains JavaScript, which is intended functionality. The JavaScript gets executed on the Data Entry page and in any Layouts which reference it. This behavior has been changed in 4.1.0 to show HTML/CSS/JS as code on the Data Entry page. There are no workarounds for this issue.

INFO

Published Date :

2024-09-03T18:52:27.153Z

Last Modified :

2024-09-03T19:28:40.467Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43413 vulnerability.

Vendors Products
Xibosignage
  • Xibo
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43413.

URL Resource
https://github.com/xibosignage/xibo-cms/commit/009527855d8bfd0ffb95f5c88ed72b7b5bdebfa1 cve-icon cve-icon
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-pfxp-vxh7-2h9f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact