CVE-2017-12460

Опубликовано: 30 окт. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.

Ссылки

https://www.barco.com/en/Support/software/R33050037
Issue Tracking
Vendor Advisory
https://www.barco.com/en/support/knowledge-base/KB5169
Issue Tracking
Vendor Advisory
https://www.barco.com/en/support/software/R33050020
Issue Tracking
Vendor Advisory
https://www.barco.com/en/Support/software/R33050037
Issue Tracking
Vendor Advisory
https://www.barco.com/en/support/knowledge-base/KB5169
Issue Tracking
Vendor Advisory
https://www.barco.com/en/support/software/R33050020
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:barco:clickshare_csm-1_firmware:*:*:*:*:*:*:*:*

Версия до 1.7.0.3 (исключая)

cpe:2.3:h:barco:clickshare_csm-1:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*

Версия до 1.10.0.10 (исключая)

cpe:2.3:h:barco:clickshare_csc-1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00317

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8m7j-v4xc-hg9r