CVE-2017-0912

Name of the Vulnerable Software and Affected Versions Ubiquiti UCRM versions 2.5.0 through 2.7.7

Description The issue is related to Stored Cross-site Scripting due to a lack of sanitization, allowing the injection of arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling".

Recommendations For Ubiquiti UCRM versions 2.5.0 through 2.7.7, update to a version that includes the necessary sanitization to prevent arbitrary HTML code injection. As a temporary workaround, consider restricting file uploads and "Edit" access to "Scheduling" to minimize the risk of exploitation.