CVE-2020-36924
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
Pro-Bravia · Sony BRAVIA Digital Signage¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://cxsecurity.com/issue/WLB-2020120030https://exchange.xforce.ibmcloud.com/vulnerabilities/192605https://packetstorm.news/files/id/160345https://pro-bravia.sony.nethttps://pro-bravia.sony.net/resources/software/bravia-signage/https://pro.sony/ue_US/products/display-softwarehttps://www.exploit-db.com/exploits/49186https://www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusionhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.php