CVE-2020-36918 – iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management

CVE ID : CVE-2020-36918

Published : Jan. 6, 2026, 3:52 p.m. | 34 minutes ago

Description : iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…