VYPR

Medivision Digital Signage

by UBICOD

CVEs (2)

  • CVE-2020-36902Dec 10, 2025
    risk 0.00cvss epss 0.01

    UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super…

  • CVE-2020-36901Dec 10, 2025
    risk 0.00cvss epss 0.00

    UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet…