Vulnerability Details CVE-2020-36924
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.2%
CVSS Severity
CVSS v3 Score 7.5
References
- https://cxsecurity.com/issue/WLB-2020120030
- https://exchange.xforce.ibmcloud.com/vulnerabilities/192605
- https://packetstorm.news/files/id/160345
- https://pro-bravia.sony.net
- https://pro-bravia.sony.net/resources/software/bravia-signage/
- https://pro.sony/ue_US/products/display-software
- https://www.exploit-db.com/exploits/49186
- https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusion
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php
Products affected by CVE-2020-36924
-
cpe:2.3:a:sony:bravia_signage:*