CVE-2024-6178
- EPSS 0.49%
- Published 20.06.2024 02:15:12
- Last modified 21.11.2024 09:49:07
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.
CVE-2024-6179
- EPSS 0.49%
- Published 20.06.2024 02:15:12
- Last modified 21.11.2024 09:49:07
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.
CVE-2024-6177
- EPSS 0.49%
- Published 20.06.2024 02:15:11
- Last modified 21.11.2024 09:49:07
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1.
CVE-2018-17173
- EPSS 67.15%
- Published 21.09.2018 17:29:07
- Last modified 21.11.2024 03:54:00
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVE-2018-16287
- EPSS 2.58%
- Published 14.09.2018 21:29:04
- Last modified 21.11.2024 03:52:27
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs.
CVE-2018-16288
- EPSS 63.66%
- Published 14.09.2018 21:29:04
- Last modified 21.11.2024 03:52:27
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
CVE-2018-16706
- EPSS 3.8%
- Published 14.09.2018 21:29:04
- Last modified 21.11.2024 03:53:11
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.
CVE-2018-16286
- EPSS 0.44%
- Published 14.09.2018 21:29:03
- Last modified 21.11.2024 03:52:27
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.