CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-33181

Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.3%

CVSS Severity

CVSS v3 Score 4.3

References

https://claroty.com/team82/disclosure-dashboard
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m
https://xibosignage.com/blog/security-advisory-2023-05/
https://claroty.com/team82/disclosure-dashboard
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m
https://xibosignage.com/blog/security-advisory-2023-05/

Products affected by CVE-2023-33181

Xibosignage » Xibo » Version: Any

cpe:2.3:a:xibosignage:xibo:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33181

Products

Pricing

Contact Us