CVE-2020-36924 MEDIUM

CVE-2020-36924: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion

Vendor Pro-Bravia
Product Sony BRAVIA Digital Signage
Weakness CWE-829 · Inclusion from untrusted sphere
Published January 6, 2026
Last update January 26, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.

Key dates

02Disclosure timeline

January 6, 2026 CVE published
January 26, 2026 Record updated