CVE-2020-36917 – iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie

CVE ID : CVE-2020-36917

Published : Jan. 6, 2026, 3:53 p.m. | 33 minutes ago

Description : iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…