Unrated severityNVD Advisory· Published Jan 6, 2026· Updated Jan 26, 2026
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
CVE-2020-36924
Description
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- cxsecurity.com/issue/WLB-2020120030mitreexploit
- packetstorm.news/files/id/160345mitreexploit
- www.exploit-db.com/exploits/49186mitreexploit
- www.vulncheck.com/advisories/sony-bravia-digital-signage-unauthenticated-remote-file-inclusionmitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5612.phpmitrethird-party-advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/192605mitrevdb-entry
- pro-bravia.sony.netmitreproduct
- pro-bravia.sony.net/resources/software/bravia-signage/mitreproduct
- pro.sony/ue_US/products/display-softwaremitreproduct
News mentions
0No linked articles in our index yet.