PT-2017-12560 · Barco · Barco Clickshare Csc-1

Published

2017-10-30

Updated

2017-11-18

CVE-2017-12460

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Barco ClickShare CSM-1 versions prior to 1.7.0.3 Barco ClickShare CSC-1 versions prior to 1.10.0.10

Description An issue allows an authenticated user to trigger an HTML injection by uploading a wallpaper with a specially crafted name to the webUI, as special characters are not neutralized before output. This can potentially be used to manage the wallpaper collection shown as background on the ClickShare product.

Recommendations For Barco ClickShare CSM-1 versions prior to 1.7.0.3, update to version 1.7.0.3 or later. For Barco ClickShare CSC-1 versions prior to 1.10.0.10, update to version 1.10.0.10 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-12460

Affected Products

Barco Clickshare Csc-1

PT-2017-12560 · Barco · Barco Clickshare Csc-1

CVE-2017-12460

Weakness Enumeration

Related Identifiers

Affected Products

References · 5