Springsignage » Xibo : Security Vulnerabilities, CVEs, Published In 2014 (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.
Max CVSS
6.8
EPSS Score
0.25%
Published
2014-01-29
Updated
2014-02-21
1 vulnerabilities found