Xibo Digital Signage Platform Vulnerability Affects Sessions and Displays
CVE-2024-29022
What is CVE-2024-29022?
The Xibo Digital Signage platform, an open-source web content management solution, has a significant vulnerability caused by inadequate sanitization of request headers before they are stored in its session and display tables. The flaw allows malicious scripts to be injected and later rendered, which can be used to exfiltrate sensitive information such as session IDs and User-Agent strings; an attacker can thereby hijack active user sessions, threatening user privacy and data security. Users are encouraged to upgrade to Xibo version 3.3.10 or 4.0.9 to mitigate this risk. For customers using Xibo Signage services, patches have already been applied to remediate the issue. Additional patches are available for earlier unsupported versions, with specific patch links provided for versions 2.3 and 1.8. Immediate action is crucial, as no workarounds exist for this vulnerability.
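The bug class described above, as an added example that is not Xibo's own code (Xibo is a PHP application; this is a Python model with a constructed table schema and a constructed sample header): a stored User-Agent rendered unescaped beside the escaped rendering, plus an audit query a defender can run over existing rows after upgrading.

```python
"""Model of CVE-2024-29022's bug class: a request header is stored in a
'display' table and later rendered into an admin page without escaping.
Constructed schema and sample data; not Xibo's real code or tables."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    # In-memory stand-in for the display table (assumed, simplified schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE display (id INTEGER PRIMARY KEY, name TEXT, user_agent TEXT)")
    return db


def register_display(db: sqlite3.Connection, name: str, headers: dict) -> int:
    """Store the client's User-Agent verbatim, as the vulnerable versions do."""
    ua = headers.get("User-Agent", "")
    cur = db.execute("INSERT INTO display (name, user_agent) VALUES (?, ?)", (name, ua))
    db.commit()
    return cur.lastrowid


def render_vulnerable(db: sqlite3.Connection) -> str:
    """Interpolates stored values straight into HTML: the stored-XSS sink."""
    rows = db.execute("SELECT name, user_agent FROM display").fetchall()
    return "".join(f"<tr><td>{n}</td><td>{ua}</td></tr>" for n, ua in rows)


def render_hardened(db: sqlite3.Connection) -> str:
    """Escapes on output so the browser treats the stored header as text."""
    rows = db.execute("SELECT name, user_agent FROM display").fetchall()
    return "".join(
        f"<tr><td>{html.escape(n)}</td><td>{html.escape(ua)}</td></tr>" for n, ua in rows
    )


def audit_stored_headers(db: sqlite3.Connection) -> list:
    """Return ids of rows whose stored header already carries HTML markup."""
    rows = db.execute("SELECT id, user_agent FROM display").fetchall()
    return [rid for rid, ua in rows if "<" in ua or ">" in ua]


# Constructed sample: a display check-in whose User-Agent carries markup.
SAMPLE_HEADERS = {"User-Agent": "XiboPlayer/1.0 <script>document.title=1</script>"}

if __name__ == "__main__":
    db = make_db()
    register_display(db, "lobby-screen", SAMPLE_HEADERS)
    print(render_vulnerable(db))
    print(render_hardened(db))
    print(audit_stored_headers(db))
```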

Affected Version(s)
Package     Affected              Unaffected
xibo-cms    >= 1.8.0, < 3.3.10    < 1.8.0, 3.3.10
xibo-cms    >= 4.0.0, < 4.0.9     < 4.0.0, 4.0.9
