CVE-2020-36924

EUVD-2026-1001
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
VulnCheckCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
Affected Products (NVD)
VendorProductVersion
sonybravia_signage
𝑥
≤ 1.7.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2020120030
https://exchange.xforce.ibmcloud.com/vulnerabilities/192605
https://packetstorm.news/files/id/160345
https://pro-bravia.sony.net
https://pro-bravia.sony.net/resources/software/bravia-signage/
https://pro.sony/ue_US/products/display-software
https://www.exploit-db.com/exploits/49186
https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusion
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php