CVE-2025-41088

MEDIUM

Xibo Signage Xibo CMS v4.1.2 - XSS

Title source: llm

Description

Stored Cross-Site Scripting (XSS) in Xibo Signage's Xibo CMS v4.1.2, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add a text element in the 'Global Elements' section, and finally modify the 'Text' field in the section with the malicious payload.

Exploits (1)

nomisec WORKING POC 5 stars

by Marinafabregat · poc

https://github.com/Marinafabregat/CVE-2025-41088

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-xibo-cms

Scores

CVSS v4 5.1

EPSS 0.0006

EPSS Percentile 18.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Details

CWE

CWE-79

Status published

Products (1)

Xibo Signage/Xibo CMS < 4.2.2

Published Oct 10, 2025

Tracked Since Feb 18, 2026