Fusion Digital Signage
Approved changes feed: RSS · Atom
cpe:2.3:a:spinetix:fusion_digital_signage:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Spinetix (1be1bebb-6bc6-5322-9184-ac5ba00eb1f0) |
|---|---|
| Product | Fusion Digital Signage (b0f21406-f352-55ec-a578-04c2f6418378) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-36888 |
vulnerable | 2026-06-08 05:25:49.784377 |
SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing the server's error responses.
Published: 2025-12-10T20:51:15.666Z
Updated: 2025-12-11T18:53:35.382Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36887 |
vulnerable | 2026-06-08 05:25:49.783828 |
SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information.
Published: 2025-12-10T20:49:38.636Z
Updated: 2025-12-11T18:53:40.399Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36886 |
vulnerable | 2026-06-08 05:25:49.782475 |
SpinetiX Fusion Digital Signage 3.4.8 Cross-Site Request Forgery via User Creation
SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full system privileges when a logged-in user visits the page.
Published: 2025-12-10T20:48:38.588Z
Updated: 2025-12-11T18:53:45.677Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36883 |
vulnerable | 2026-06-08 05:25:49.777730 |
SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.
Published: 2025-12-10T20:47:08.593Z
Updated: 2025-12-11T18:54:05.115Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.