CVE-2023-33181

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33181

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33181.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-33181

Aliases

GHSA-c9cx-ghwr-x58m

Published

2023-05-30T20:57:38.437Z

Modified

2025-11-29T14:16:22.395773Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Sensitive Information Disclosure abusing Stack Trace in Xibo CMS

Details

Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.

Database specific

{
    "cwe_ids": [
        "CWE-209"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33181.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/xibosignage/xibo-cms

Affected ranges

Type: GIT
Repo: https://github.com/xibosignage/xibo-cms
Events: Introduced

315ebd9141b67cbce134068cd31277a0075c1931

Fixed

6f5d4dd0c4a177faca6268a322a557afd4e17296

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.1.0

3.1.0-alpha

3.1.0-beta

3.1.1

3.1.2

3.1.3

3.1.4

3.2.0

3.2.1

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33181.json"