What is CVE-2020-36918?

CVE-2020-36918 is a medium-severity vulnerability in Yerootech Ids6 Dsspro Digital Signage System, classified under Cross-Site Request Forgery (CSRF). CVSS score: 4.3/10. Published 2026-01-06.

How severe is CVE-2020-36918?

Medium severity. CVSS v3 base score is 4.3 out of 10.

CSRF in Yerootech Ids6 Dsspro Digital Signage System

CVE-2020-36918

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in admin…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (6.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Yerootech Ids6 Dsspro Digital Signage System — versions 6.2 B2014.12.12.1220, 5.6 B2017.07.12.1757, 4.3

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

ExploitDB-48990 (exploit)
Zero Science Lab Disclosure (ZSL-2020-5606) (third-party-advisory)
Archived Yeroo Tech Vendor Homepage (product)
Packet Storm Security Exploit Entry (exploit)
IBM X-Force Vulnerability Exchange (vdb-entry)
CXSecurity Vulnerability Database Entry (exploit)
VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management (third-party-advisory)

Frequently asked questions

What is CVE-2020-36918?: CVE-2020-36918 is a medium-severity vulnerability in Yerootech Ids6 Dsspro Digital Signage System, classified under Cross-Site Request Forgery (CSRF). CVSS score: 4.3/10. Published 2026-01-06.
How severe is CVE-2020-36918?: Medium severity. CVSS v3 base score is 4.3 out of 10.