Every CVE whose affected-product data names Xibosignage Xibo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2023-33177 — CVSS 8.8 (high): Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can…
CVE-2024-41802 — CVSS 8.1 (high): Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for…
CVE-2026-31952 — CVSS 7.6 (high): Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7…
CVE-2013-4887 — CVSS 7.5 (high): SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the…
CVE-2025-62369 — CVSS 7.2 (high): Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code…
CVE-2013-4889 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the…
CVE-2023-33179 — CVSS 6.5 (medium): Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version…
CVE-2024-41804 — CVSS 6.5 (medium): Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for…
CVE-2023-33180 — CVSS 6.5 (medium): Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version…
CVE-2023-33178 — CVSS 6.5 (medium): Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the…
CVE-2026-31953 — CVSS 6.4 (medium): Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored…
CVE-2013-5979 — CVSS 5.0 (medium): Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read…
CVE-2026-31955 — CVSS 4.9 (medium): Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated…
CVE-2024-41803 — CVSS 4.9 (medium): Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for…
CVE-2024-43412 — CVSS 4.6 (medium): Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting…
CVE-2013-4888 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script…
CVE-2023-33181 — CVSS 4.3 (medium): Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace…
CVE-2026-31956 — CVSS 4.3 (medium): Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version…
CVE-2024-43413 — CVSS 3.5 (low): Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting…