CVE-2013-4889

NONE
Published Jan 29, 201412y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 29, 2014 12y ago
Last Modified Jun 16, 2026 2w ago

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 1

VendorProductVersionRange
xibosignagexibo1.4.2any

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.