CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/01/06 4:15 p.m.•3 views

CVE-2020-36917

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middl...

8.6CVSS0.0028EPSS

Exploits1References6

Cvelist•added 2026/01/06 3:53 p.m.•24 views

CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie

8.6CVSS0.0028EPSS

Exploits1References6

CVE•added 2026/01/06 3:52 p.m.•9 views

CVE-2020-36918

CVE-2020-36918 affects the iDS6 DSSPro Digital Signage System v6.2. It describes a cross-site request forgery (CSRF) where an attacker can induce susceptible admins to perform actions (e.g., add unauthorized users) without proper request validation by crafting malicious pages. The vulnerability s...

5.1CVSS6.4AI score0.00142EPSS

Vulnrichment•added 2026/01/06 3:52 p.m.•4 views

CVE-2020-36918 iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management

5.1CVSS6.4AI score0.00142EPSS

Positive Technologies•added 2026/01/06 12:0 a.m.•7 views

PT-2026-1451

8.6CVSS6.5AI score0.0028EPSS

CNNVD•added 2026/01/06 12:0 a.m.•2 views

Phoenix Contact iDS6 DSSPro 安全漏洞

Phoenix Contact iDS6 DSSPro is a digital signage management system from iDS6 USA. A security vulnerability exists in Phoenix Contact iDS6 DSSPro version 6.2, which stems from susceptibility to a cross-site request forgery attack that could result in the addition of unauthorized users...

5.1CVSS6.6AI score0.00142EPSS

Exploits1References8

CNNVD•added 2026/01/06 12:0 a.m.•4 views

Phoenix Contact iDS6 DSSPro 安全漏洞

Phoenix Contact iDS6 DSSPro is a digital signage management system from iDS6 USA. A security vulnerability exists in Phoenix Contact iDS6 DSSPro version 6.2, which stems from the presence of an improper access control vulnerability that could lead to the creation of users, modification of roles a...

8.8CVSS6.7AI score0.00315EPSS

Exploits1References8

Packet Storm•added 2020/11/05 12:0 a.m.•306 views

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is a...

7.4AI score

Packet Storm•added 2020/11/05 12:0 a.m.•304 views

iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery CSRF Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage management system is ...

7.4AI score

Exploit DB•added 2020/11/05 12:0 a.m.•406 views

iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation

Exploit Title: iDS6 DSSPro Digital Signage System 6.2 - Improper Access Control Privilege Escalation Date: 2020-07-16 Exploit Author: LiquidWorm Vendor Homepage: http://www.yerootech.com Version: 6.2 iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor:...

7.4AI score

Packet Storm•added 2020/11/05 12:0 a.m.•346 views

iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation

iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation Vendor: Guangzhou Yeroo Tech Co., Ltd. Product web page: http://www.yerootech.com Affected version: V6.2 B2014.12.12.1220 V5.6 B2017.07.12.1757 V4.3 Summary: iDS6 Software's DSSPro network digital signage manageme...

0.4AI score

Zero Science Lab•added 2020/11/04 12:0 a.m.•556 views

iDS6 DSSPro Digital Signage System 6.2 (autoSave) Cookie User Password Disclosure

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a cleartext transmission/storage of sensitive information in a cookie when using the Remember autoSave=true feature. This allows a...

8.6CVSS5.8AI score0.0028EPSS

Zero Science Lab•added 2020/11/04 12:0 a.m.•248 views

iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The CAPTCHA function for DSSPro is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the...

9.8CVSS5.9AI score0.00429EPSS

Zero Science Lab•added 2020/11/04 12:0 a.m.•336 views

iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery (CSRF)

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be...

5.1CVSS5.8AI score0.00142EPSS

Zero Science Lab•added 2020/11/04 12:0 a.m.•313 views

iDS6 DSSPro Digital Signage System 6.2 Improper Access Control Privilege Escalation

Summary iDS6 Software's DSSPro network digital signage management system is a web-based server software solution for Windows. Description The application suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the consol...

8.8CVSS5.8AI score0.00315EPSS