CVE-2012-4970 Information

Description

Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J and commercial software before 3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Reference

http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End20User/Tech20Alerts/Video/15990_fHDX20XSS20Vulnerability20-20Security20Bulletin20101521.pdf http://www.securitytracker.com/id?1027926