CVE-2020-36918

low-risk

Published 2026-01-06

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.

Do I need to act?

-

0.03% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.3/10 Medium

NETWORK / LOW complexity

References (8)

https://cxsecurity.com/issue/WLB-2020110022

https://exchange.xforce.ibmcloud.com/vulnerabilities/191258

https://packetstormsecurity.com/files/159916

https://web.archive.org/web/20200919100215/http://www.yerootech.com/

https://www.exploit-db.com/exploits/48990

https://www.vulncheck.com/advisories/ids-dsspro-digital-signage-system-cross-sit...

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5606.php

https://www.exploit-db.com/exploits/48990

23

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal