## https://sploitus.com/exploit?id=62F118B8-4F2D-55CC-A8CD-69C12723A601
# CVE-2026-42141 - xibo CMS SSRF
SSRF vulnerability in Xibo CMS (CVE-2026-42141)
## Description
Server-Side Request Forgery (SSRF) vulnerability in Xibo CMS via the `uploadUrl` feature.
## Impact
An authenticated user can force the server to make HTTP requests to internal resources.
## Technical Details
- Endpoint: /library/uploadUrl
- Method: POST
- Vulnerable parameter: URL
## Proof of Concept
Example request:
POST /library/uploadUrl HTTP/1.1
url=http://localhost
## Mitigation
- Validate URLs
- Block internal IP ranges
- Upgrade to patched version
## Timeline
- Reported: March 2026
- Fixed: April 2026
- Published: April 2026
## Author
Vivien LEBAS