Stored Cross-Site Scripting Vulnerability in Xibo Signage's Management System
CVE-2025-41088

5.1 MEDIUM

Key Information:

Status
Vendor
CVE Published: 10 October 2025

What is CVE-2025-41088?

Xibo Signage's Xibo CMS v4.1.2 is susceptible to a stored cross-site scripting vulnerability due to inadequate validation of user inputs. Attackers can exploit this weakness by creating a malicious template in the 'Templates' section, subsequently adding a text element in the 'Global Elements' section, and inserting harmful scripts into the 'Text' field. This allows malicious payloads to be executed in the context of users accessing the affected CMS, potentially leading to data theft, session hijacking, or unauthorized actions.

Affected Version(s)

Xibo CMS 0 < 4.2.2

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marina Fabregat Expósito