CVE-2026-31953: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xibosignage xibo-cms
CVE-2026-31953 is a stored Cross-Site Scripting (XSS) vulnerability in xibo-cms versions prior to 4. 4. 1. It allows an authenticated user with notification creation permissions to inject arbitrary JavaScript into the notification body. When such a notification is set as an "interrupt," the malicious script executes automatically in the browser of any targeted user upon login without requiring user interaction. This vulnerability affects users who have both access to the Notification Centre and the ability to add notifications, privileges typically restricted to admins. The issue is fixed in version 4. 4. 1.
AI Analysis
Technical Summary
The vulnerability in xibo-cms (CVE-2026-31953) is a stored XSS flaw caused by improper neutralization of input during web page generation (CWE-79). Authenticated users with notification creation rights can inject JavaScript into notifications. If the notification is configured as an interrupt, the script executes automatically in the browser of any user who logs in and views the notification. This requires no user interaction beyond login. The flaw exists in versions prior to 4.4.1 and is addressed by upgrading to 4.4.1.
Potential Impact
An attacker with notification creation privileges can execute arbitrary JavaScript in the context of other users' browsers, potentially leading to session hijacking, credential theft, or other malicious actions limited to the scope of the XSS. The vulnerability requires authenticated access with specific privileges, which are not granted to non-admin users by default. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Upgrade xibo-cms to version 4.4.1 or later, which contains the fix for this vulnerability. If upgrading is not immediately possible, restrict notification creation and notification centre access privileges to trusted users only, as these permissions are required to exploit the vulnerability.
CVE-2026-31953: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xibosignage xibo-cms
Description
CVE-2026-31953 is a stored Cross-Site Scripting (XSS) vulnerability in xibo-cms versions prior to 4. 4. 1. It allows an authenticated user with notification creation permissions to inject arbitrary JavaScript into the notification body. When such a notification is set as an "interrupt," the malicious script executes automatically in the browser of any targeted user upon login without requiring user interaction. This vulnerability affects users who have both access to the Notification Centre and the ability to add notifications, privileges typically restricted to admins. The issue is fixed in version 4. 4. 1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in xibo-cms (CVE-2026-31953) is a stored XSS flaw caused by improper neutralization of input during web page generation (CWE-79). Authenticated users with notification creation rights can inject JavaScript into notifications. If the notification is configured as an interrupt, the script executes automatically in the browser of any user who logs in and views the notification. This requires no user interaction beyond login. The flaw exists in versions prior to 4.4.1 and is addressed by upgrading to 4.4.1.
Potential Impact
An attacker with notification creation privileges can execute arbitrary JavaScript in the context of other users' browsers, potentially leading to session hijacking, credential theft, or other malicious actions limited to the scope of the XSS. The vulnerability requires authenticated access with specific privileges, which are not granted to non-admin users by default. There is no indication of known exploits in the wild at this time.
Mitigation Recommendations
Upgrade xibo-cms to version 4.4.1 or later, which contains the fix for this vulnerability. If upgrading is not immediately possible, restrict notification creation and notification centre access privileges to trusted users only, as these permissions are required to exploit the vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-10T15:10:10.657Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69eac1fc87115cfb688c86dc
Added to database: 4/24/2026, 1:06:04 AM
Last enriched: 4/24/2026, 1:21:45 AM
Last updated: 4/24/2026, 7:22:39 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.