High severity8.8NVD Advisory· Published Jan 6, 2026· Updated Apr 15, 2026

CVE-2020-36920

Description

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2020110025nvd
exchange.xforce.ibmcloud.com/vulnerabilities/191260nvd
packetstorm.news/files/id/159918nvd
web.archive.org/web/20200919100215/http://www.yerootech.com/nvd
www.exploit-db.com/exploits/48992nvd
www.vulncheck.com/advisories/ids-dsspro-digital-signage-system-privilege-escalation-via-access-controlnvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5608.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000