What is the severity of CVE-2024-29022?

CVE-2024-29022 has been classified as a moderate severity vulnerability due to potential risks associated with improper request header sanitization.

How do I fix CVE-2024-29022?

To fix CVE-2024-29022, upgrade your Xibo CMS to the latest version where the request header sanitization issue has been addressed.

What versions are affected by CVE-2024-29022?

CVE-2024-29022 affects Xibo CMS versions prior to 2.3.10, as well as versions from 1.8.0 up to 1.8.9.

Can CVE-2024-29022 lead to code execution?

Yes, CVE-2024-29022 may allow an attacker to execute malicious code by injecting harmful request headers.

Is there a patch for CVE-2024-29022?

Yes, a patch is available in the latest releases of Xibo CMS that resolves the vulnerability with proper sanitization of request headers.

Vulnerability/
CVE-2024-29022

high

8.8

CWE

79 117

12/4/2024

2/8/2024

CVE-2024-29022: Session Hijacking via XSS attack in header and session grid in Xibo CMS

First published: Fri Apr 12 2024(Updated: )

Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
	>0
	>2.3<=2.3.10
	>1.8<=1.8.9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-29022?
CVE-2024-29022 has been classified as a moderate severity vulnerability due to potential risks associated with improper request header sanitization.
How do I fix CVE-2024-29022?
To fix CVE-2024-29022, upgrade your Xibo CMS to the latest version where the request header sanitization issue has been addressed.
What versions are affected by CVE-2024-29022?
CVE-2024-29022 affects Xibo CMS versions prior to 2.3.10, as well as versions from 1.8.0 up to 1.8.9.
Can CVE-2024-29022 lead to code execution?
Yes, CVE-2024-29022 may allow an attacker to execute malicious code by injecting harmful request headers.
Is there a patch for CVE-2024-29022?
Yes, a patch is available in the latest releases of Xibo CMS that resolves the vulnerability with proper sanitization of request headers.

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
collector/nvd-api
source/NVD
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.