CVE-2017-12460

by Fred · 30/10/2017

An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.

Date published : 2017-10-30

https://www.barco.com/en/Support/software/R33050037

https://www.barco.com/en/support/knowledge-base/KB5169

CVE-2017-12460

Similar

Recent Posts

Categories

CVE-2017-12460

Share this:

Similar

Recent Posts

Categories

Tags