Is CVE-2020-16218 actively exploited?

CVE-2020-16218 has no public evidence of in-the-wild exploitation as of 2026-02-23.

What is the CVSS score for CVE-2020-16218?

CVE-2020-16218 has a CVSS score of 3.5 (LOW severity). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

How do I patch CVE-2020-16218?

Patch guidance is available from philips security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-16218.

CVE-2020-16218 - remediation guidance & executive summary

Q: Which products are affected by CVE-2020-16218?

3 products: philips patient information center ix, philips patient information center ix, philips patient information center ix.

Description

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector: adjacent network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Weaknesses: CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: PHILIPS
Published: 9/11/2020
Last Modified: 2/23/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

philips : patient_information_center_ixphilips : patient_information_center_ixphilips : patient_information_center_ix

Remediation Guidance

Executive Summary

Cite this page

CVE-2020-16218. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2020-16218

View on NIST NVD

CVE-2020-16218 vulnerability