CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-33179

Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5 which fixes this issue. There are no known workarounds aside from upgrading.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.4%

CVSS Severity

CVSS v3 Score 6.5

References

https://claroty.com/team82/disclosure-dashboard
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-jmx8-cgm4-7mf5
https://xibosignage.com/blog/security-advisory-2023-05/
https://claroty.com/team82/disclosure-dashboard
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-jmx8-cgm4-7mf5
https://xibosignage.com/blog/security-advisory-2023-05/

Products affected by CVE-2023-33179

Xibosignage » Xibo » Version: Any

cpe:2.3:a:xibosignage:xibo:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33179

Products

Pricing

Contact Us