CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Medivision: >> Medivision Digital Signage Security Vulnerabilities

CVE-2020-36902

UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.

CVSS Score

9.8

EPSS Score

0.001

Published

2025-12-10

CVE-2020-36901

UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new admin user with elevated privileges.

CVSS Score

8.8

EPSS Score

0.0

Published

2025-12-10

Page 1

Vulnerabilities

Vulnerable Software

Medivision: >> Medivision Digital Signage Security Vulnerabilities

Products

Pricing

Contact Us