CVE-2020-36918 MEDIUM

CVE-2020-36918: iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management

Vendor Yerootech
Product iDS6 DSSPro Digital Signage System
Weakness CWE-352 · CSRF
Published January 6, 2026
Last update January 6, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.

Key dates

02Disclosure timeline

January 6, 2026 CVE published
January 6, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-3151 Bdtask Multi-Store Inventory Management System Stock Movement Page cross-site request forgery CVE-2023-44259 WordPress Mediavine Control Panel Plugin <= 2.10.2 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-64201 WordPress PowerPress Podcasting plugin <= 11.13.12 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-4189 Audio Comments Plugin <= 1.0.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting CVE-2024-32538 WordPress Easy CountDowner plugin <= 1.0.8 - CSRF to XSS vulnerability