Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 08 Dec 2025 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Xibosignage
Xibosignage xibo |
|
| CPEs | cpe:2.3:a:springsignage:xibo:1.2.0:rc1:*:*:*:*:*:* cpe:2.3:a:springsignage:xibo:1.2.0:rc2:*:*:*:*:*:* cpe:2.3:a:springsignage:xibo:1.2.1:*:*:*:*:*:*:* cpe:2.3:a:springsignage:xibo:1.2.2:*:*:*:*:*:*:* cpe:2.3:a:springsignage:xibo:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:springsignage:xibo:1.4.0:rc1:*:*:*:*:*:* cpe:2.3:a:springsignage:xibo:1.4.1:*:*:*:*:*:*:* |
cpe:2.3:a:xibosignage:xibo:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:xibosignage:xibo:1.2.0:rc1:*:*:*:*:*:* cpe:2.3:a:xibosignage:xibo:1.2.0:rc2:*:*:*:*:*:* cpe:2.3:a:xibosignage:xibo:1.2.1:*:*:*:*:*:*:* cpe:2.3:a:xibosignage:xibo:1.2.2:*:*:*:*:*:*:* cpe:2.3:a:xibosignage:xibo:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:xibosignage:xibo:1.4.0:rc1:*:*:*:*:*:* cpe:2.3:a:xibosignage:xibo:1.4.1:*:*:*:*:*:*:* |
| Vendors & Products |
Springsignage
Springsignage xibo |
Xibosignage
Xibosignage xibo |
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-09-16T16:32:55.588Z
Reserved: 2013-10-02T00:00:00Z
Link: CVE-2013-5979
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2013-10-02T22:55:23.680
Modified: 2025-12-08T14:49:54.013
Link: CVE-2013-5979
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses