Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36886 | 1 Spinetix | 1 Fusion Digital Signage | 2025-12-17 | N/A | 8.8 HIGH |
| SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full system privileges when a logged-in user visits the page. | |||||
| CVE-2020-36887 | 1 Spinetix | 1 Fusion Digital Signage | 2025-12-17 | N/A | 7.5 HIGH |
| SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information. | |||||
| CVE-2020-36888 | 1 Spinetix | 1 Fusion Digital Signage | 2025-12-17 | N/A | 5.3 MEDIUM |
| SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing the server's error responses. | |||||