CVE-2013-4889

Name of the Vulnerable Software and Affected Versions Digital Signage Xibo version 1.4.2

Description The issue allows remote attackers to hijack the authentication of administrators for requests, including adding a new administrator via the AddUser action or conducting cross-site scripting (XSS) attacks.

Recommendations For Digital Signage Xibo version 1.4.2, consider disabling the AddUser action in index.php as a temporary workaround until a patch is available. Restrict access to index.php to minimize the risk of exploitation. Avoid using the affected functionality in index.php until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.