CNNVD-202511-120 Information

CNNVD ID

CNNVD-202511-120

Related CVE

CVE-2025-62369

• CNNVD Published: 2025-11-04

Description (Chinese)

Xibo CMS是Xibo Digital Signage开源的一个内容管理系统。 Xibo CMS 4.3.0及之前版本存在安全漏洞，该漏洞源于CMS开发者菜单中的模块模板功能存在Twig过滤器操作不当，可能导致远程代码执行。

Description (English)

Xibo CMS is an open-source content management system for Xibo Digital Signage. There is a security gap in Xibo CMS 4.3.0 and previous versions, which stems from the inappropriate operation of Twig filters in the module template function in the CMS Developer menu, which may lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Xibo Digital Signage

Published

2025-11-04

Last Modified

2026-02-24

References

https://patch-diff.githubusercontent.com/raw/xibosignage/xibo-cms/pull/3128.patch https://github.com/xibosignage/xibo-cms/commit/0f4e88396111ea027785a48dd8f5eeb14536bd71 https://github.com/xibosignage/xibo-cms/commit/ecd4f9d2cea739a46756a108a839cac80f65cf10 https://github.com/xibosignage/xibo-cms/releases/tag/4.3.1 https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-7rmm-689c-gjgv https://access.redhat.com/security/cve/cve-2025-62369

Patch

https://github.com/xibosignage/xibo-cms/releases