How severe is CVE-2024-43413?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2024-43413?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2024-43413 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which contains JavaScript, which is intended functionality. The JavaScript gets executed on the Data Entry page and in any Layouts which reference it. This behavior has been changed in 4.1.0 to show HTML/CSS/JS as code on the Data Entry page. There are no workarounds for this issue.

Related Vulnerabilities

CVE-2004-1865

MEDIUM

CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name (...

CWE-792004

CVE-2010-2472

MEDIUM

CVSS:4.8(Medium)

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which co...

CWE-792010

CVE-2011-3352

MEDIUM

CVSS:4.8(Medium)

Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula admi...

CWE-792011

CVE-2012-1637

MEDIUM

CVSS:4.8(Medium)

Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x before 6.x-2.1, 6.x-3.x before 6.x-3.1, and 7.x-3.x before 7.x-3.3 for Drupal.

CWE-792012

CVE-2012-1932

MEDIUM

CVSS:4.8(Medium)

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.

CWE-792012

CVE-2012-2078

MEDIUM

CVSS:4.8(Medium)

Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.

CWE-792012