CVE-2016-3150
published 2017-01-12CVE-2016-3150: Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with…
PriorityP425medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
1.26%
65.9th percentile
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barco | clickshare_csc-1_firmware | <= 01.09.05.02 | — |
| barco | clickshare_cse-200_firmware | <= 01.09.02.05 | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Barco ClickShare CSC-1/ClickShare CSM-1 wallpaper.php cross site scripting (BID-94330)
vuldb·2026-05-13
CVE-2016-3150 [LOW] Barco ClickShare CSC-1/ClickShare CSM-1 wallpaper.php cross site scripting (BID-94330)
A vulnerability was found in Barco ClickShare CSC-1 and ClickShare CSM-1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file wallpaper.php. Executing a manipulation can lead to cross site scripting.
This vulnerability is registered as CVE-2016-3150. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
GHSA-f5fp-r73r-m33f: Cross-site scripting (XSS) vulnerability in wallpaper
ghsa_unreviewed·2022-05-14
CVE-2016-3150 [MEDIUM] CWE-79 GHSA-f5fp-r73r-m33f: Cross-site scripting (XSS) vulnerability in wallpaper
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.htmlhttp://www.securityfocus.com/archive/1/539754/100/0/threadedhttp://www.securityfocus.com/bid/94330http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.htmlhttp://www.securityfocus.com/archive/1/539754/100/0/threadedhttp://www.securityfocus.com/bid/94330
2017-01-12
Published