Vulnerabilities

Report: Essential Guide: CVE-2026-31953 - Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login

2026-04-24 0 views admin

CVE ID :CVE-2026-31953 Published : April 24, 2026, 1:16 a.m. | 31 minutes ago Description :Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 allows an authenticated user with notification creation permissions to inject arbitrary JavaScript into the notification body. When the notification is set as an

CVE Details

CVE ID

CVE-2026-31953

Published

April 24, 2026

Affected Product: Windows

Impact: XSS

🏷️ Tags

reportessentialguide31953storednotificationclickexecutionlogincve

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: Essential Guide: CVE-2026-31953 - Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: Essential Guide: CVE-2026-25720 - SenseLive X3050 Insufficient session expiration

Report: CVE-2026-1789 - Xerox Printer Information Disclosure Vulnerability - Full Analysis

Report: Update: CVE-2026-35064 - SenseLive X3050 Missing authentication for critical function

Report: Complete Guide to CVE-2026-31952 - Xibo CMS API has SQL Injection via DataSet Filter Parameter

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting