CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6179 – XSS vulnerability in LG SuperSign CMS
https://notcve.org/view.php?id=CVE-2024-6179
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6178 – XSS vulnerability in LG SuperSign CMS
https://notcve.org/view.php?id=CVE-2024-6178
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6177 – XSS vulnerability in LG SuperSign CMS
https://notcve.org/view.php?id=CVE-2024-6177
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS. This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1. • https://lgsecurity.lge.com/bulletins/idproducts#updateDetails • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 87%CPEs: 1EXPL: 3CVE-2018-17173 – LG Supersign EZ CMS - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. LG SuperSign CMS permite que los atacantes remotos ejecuten código arbitrario mediante el parámetro sourceUri en qsr_server/device/getThumbnail. LG SuperSign EZ CMS, that many LG SuperSign TVs have built-in, is prone to a remote code execution vulnerability due to an improper parameter handling. • https://www.exploit-db.com/exploits/46795 https://www.exploit-db.com/exploits/45448 http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html http://packetstormsecurity.com/files/152733/LG-Supersign-EZ-CMS-Remote-Code-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16706
https://notcve.org/view.php?id=CVE-2018-16706
LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080. LG SuperSign CMS permite que los televisores se reinicien de forma remota sin autenticación mediante una petición HTTP directa a qsr_server device reboot en el puerto 9080. • https://github.com/Nurdilin/CVE-2018-16706 http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-425: Direct Request ('Forced Browsing') •