← Back

CVE-2020-36924

nvd nist
Published: Jan 6, 2026Modified: Jan 26, 2026

JSON object

Loading...
5.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.

Affected (1)

Products: Sony: Bravia Signage
Sony
1 product
Bravia Signage
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Bravia Signage
Up to 1.7.8

Related CWEs

CWE-829
Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

References (9)

Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
ExploitThird Party AdvisoryVDB Entry
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
ExploitThird Party Advisory

Timeline

No history available yet.