Skip to main content

Supersign Cms

8 CVEs product

Monthly

CVE-2024-6179 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6178 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2024-6177 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
CVSS 4.0
4.8
EPSS
0.3%
CVE-2018-17173 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Supersign Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
56.2%
CVE-2018-16706 HIGH POC THREAT This Week

LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersign Cms
NVD
CVSS 3.0
7.5
EPSS
22.3%
CVE-2018-16288 HIGH POC THREAT This Week

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersign Cms
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
35.8%
CVE-2018-16287 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Supersign Cms
NVD
CVSS 3.0
9.8
EPSS
19.6%
CVE-2018-16286 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Supersign Cms
NVD
CVSS 3.0
9.8
EPSS
21.5%
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.1.3 before < 4.3.1. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Supersign Cms
NVD
EPSS 56% CVSS 9.8
CRITICAL POC THREAT Act Now

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Supersign Cms
NVD Exploit-DB
EPSS 22% CVSS 7.5
HIGH POC THREAT This Week

LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersign Cms
NVD
EPSS 36% CVSS 8.6
HIGH POC THREAT This Week

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Supersign Cms
NVD Exploit-DB
EPSS 20% CVSS 9.8
CRITICAL POC THREAT Act Now

LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Supersign Cms
NVD
EPSS 22% CVSS 9.8
CRITICAL POC THREAT Act Now

LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Supersign Cms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy