2025-10-10 09:19:18
INCIBE
PUBLISHED
Reflected Cross-Site Scripting (XSS) in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the Templates section, then add an element that has the Configuration Name field, such as the Clock widget. Next, modify the Configuration Name field in the left-hand section.