CVE-2017-12460
Last modified
CVE-2017-12460 is a vulnerability of currently unknown severity. An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Barco | ClickShare CSM-1 Firmware | < 1.7.0.3 |
| Barco | ClickShare CSC-1 Firmware | < 1.10.0.10 |
References
- https://www.barco.com/en/Support/software/R33050037 (Issue Tracking, Vendor Advisory)
- https://www.barco.com/en/support/knowledge-base/KB5169 (Issue Tracking, Vendor Advisory)
- https://www.barco.com/en/support/software/R33050020 (Issue Tracking, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
