CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6179 – XSS vulnerability in LG SuperSign CMS
https://notcve.org/view.php?id=CVE-2024-6179
20 Jun 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1. Improper Neutralization of Input During Web Page Gen... • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6178 – XSS vulnerability in LG SuperSign CMS
https://notcve.org/view.php?id=CVE-2024-6178
20 Jun 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1. Improper Neutralization of Input During Web Page Gen... • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6177 – XSS vulnerability in LG SuperSign CMS
https://notcve.org/view.php?id=CVE-2024-6177
20 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1. Improper Neutralization of Input During... • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 68%CPEs: 1EXPL: 5CVE-2018-17173 – LG Supersign EZ CMS - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17173
21 Sep 2018 — LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. LG SuperSign CMS permite que los atacantes remotos ejecuten código arbitrario mediante el parámetro sourceUri en qsr_server/device/getThumbnail. LG SuperSign EZ CMS, that many LG SuperSign TVs have built-in, is prone to a remote code execution vulnerability due to an improper parameter handling. • https://packetstorm.news/files/id/152733 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 2CVE-2018-16706
https://notcve.org/view.php?id=CVE-2018-16706
14 Sep 2018 — LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. LG SuperSign CMS permite que los televisores se reinicien de forma remota sin autenticación mediante una petición HTTP directa a qsr_server device reboot en el puerto 9080. • https://github.com/Nurdilin/CVE-2018-16706 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16286
https://notcve.org/view.php?id=CVE-2018-16286
14 Sep 2018 — LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. LG SuperSign CMS permite la omisión de la autenticación debido a que se salta el requisito de CAPTCHA si se envía una cookie captcha:pass, y también debido a que el PIN se limita a 4 dígitos. • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2018-16287
https://notcve.org/view.php?id=CVE-2018-16287
14 Sep 2018 — LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign CMS permite la subida de archivos mediante los URI signEzUI playlist edit upload ..%2f. • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.6EPSS: 63%CPEs: 1EXPL: 3CVE-2018-16288 – LG SuperSign EZ CMS 2.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2018-16288
14 Sep 2018 — LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign CMS permite la lectura de archivos arbitrarios mediante los URI signEzUI playlist edit upload ..%2f. LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability. • https://packetstorm.news/files/id/149437 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •