CVE-2023-33181
Sensitive Information Disclosure abusing Stack Trace in Xibo CMS
Vexday Risk Score
13 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3 · EPSS 0.5% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
30 May 2023: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters, revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
xibosignage · xibo-cms