Vulnerabilities > Springsignage
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-01-29 | CVE-2013-4889 | Cross-Site Request Forgery (CSRF) vulnerability in Springsignage Xibo 1.4.2 Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888. | 6.8 |
2014-01-29 | CVE-2013-4888 | Cross-Site Scripting vulnerability in Springsignage Xibo 1.4.2 Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. | 4.3 |
2014-01-29 | CVE-2013-4887 | SQL Injection vulnerability in Springsignage Xibo 1.4.2 SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter. | 7.5 |