5.9
CVE-2025-63082 - Joomla! Core - [20260101] - Inadequate content filtering for data URLs
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
5.9
CVE-2025-63083 - Joomla! Core - [20260102] - XSS vector in the pagebreak plugin
Lack of output escaping leads to an XSS vector in the pagebreak plugin.
8.6
CVE-2020-36917 - iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie
iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle …
8.6
CVE-2020-36914 - QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure
QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored …
8.7
CVE-2020-36925 - Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without a…
5.3
CVE-2020-36924 - Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify …
6.9
CVE-2020-36923 - Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.
6.9
CVE-2020-36922 - Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to …
6.9
CVE-2020-36921 - RED-V Super Digital Signage System 5.1.1 Log Information Disclosure Vulnerability
RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.
8.7
CVE-2020-36920 - iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control
iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploit…