CVE-2017-12460 Information
Feb 14, 2021
Description
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name an HTML injection can be triggered as special characters are not neutralized before output.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
https://www.barco.com/en/support/knowledge-base/KB5169
https://www.barco.com/en/support/software/R33050020
https://www.barco.com/en/Support/software/R33050037
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.4
Base Severity
MEDIUM