Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36924 | 1 Sony | 1 Bravia Signage | 2026-01-26 | N/A | 6.1 MEDIUM |
| Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type. | |||||
| CVE-2020-36922 | 1 Sony | 1 Bravia Signage | 2026-01-22 | N/A | 7.5 HIGH |
| Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API. | |||||
| CVE-2020-36923 | 1 Sony | 1 Bravia Signage | 2026-01-22 | N/A | 9.8 CRITICAL |
| Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions. | |||||