Vulnerability Description
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Barco | Clickshare Csm-1 Firmware | < 1.7.0.3 |
| Barco | Clickshare Csm-1 | - |
| Barco | Clickshare Csc-1 Firmware | < 1.10.0.10 |
| Barco | Clickshare Csc-1 | - |
Related Weaknesses (CWE)
References
- https://www.barco.com/en/Support/software/R33050037Issue TrackingVendor Advisory
- https://www.barco.com/en/support/knowledge-base/KB5169Issue TrackingVendor Advisory
- https://www.barco.com/en/support/software/R33050020Issue TrackingVendor Advisory
- https://www.barco.com/en/Support/software/R33050037Issue TrackingVendor Advisory
- https://www.barco.com/en/support/knowledge-base/KB5169Issue TrackingVendor Advisory
- https://www.barco.com/en/support/software/R33050020Issue TrackingVendor Advisory
FAQ
What is CVE-2017-12460?
CVE-2017-12460 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as ...
How severe is CVE-2017-12460?
CVE-2017-12460 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12460?
Check the references section above for vendor advisories and patch information. Affected products include: Barco Clickshare Csm-1 Firmware, Barco Clickshare Csm-1, Barco Clickshare Csc-1 Firmware, Barco Clickshare Csc-1.