PT-2017-12560 · Barco · Barco Clickshare Csc-1

Publicado

2017-10-30

Atualizado

2017-11-18

CVE-2017-12460

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Barco ClickShare CSM-1 versions prior to 1.7.0.3 Barco ClickShare CSC-1 versions prior to 1.10.0.10

Description An issue allows an authenticated user to trigger an HTML injection by uploading a wallpaper with a specially crafted name to the webUI, as special characters are not neutralized before output. This can potentially be used to manage the wallpaper collection shown as background on the ClickShare product.

Recommendations For Barco ClickShare CSM-1 versions prior to 1.7.0.3, update to version 1.7.0.3 or later. For Barco ClickShare CSC-1 versions prior to 1.10.0.10, update to version 1.10.0.10 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-12460

Produtos afetados

Barco Clickshare Csc-1

PT-2017-12560 · Barco · Barco Clickshare Csc-1

CVE-2017-12460

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5