Share
## https://sploitus.com/exploit?id=62F118B8-4F2D-55CC-A8CD-69C12723A601
# CVE-2026-42141 - xibo CMS SSRF
SSRF vulnerability in Xibo CMS (CVE-2026-42141)
##  Description
Server-Side Request Forgery (SSRF) vulnerability in Xibo CMS via the `uploadUrl` feature.

##  Impact
An authenticated user can force the server to make HTTP requests to internal resources.

##  Technical Details
- Endpoint: /library/uploadUrl
- Method: POST
- Vulnerable parameter: URL

##  Proof of Concept
Example request:

POST /library/uploadUrl HTTP/1.1

url=http://localhost

##  Mitigation
- Validate URLs
- Block internal IP ranges
- Upgrade to patched version

##  Timeline
- Reported: March 2026
- Fixed: April 2026
- Published: April 2026

##  Author
Vivien LEBAS