CVE-2017-12460
Published 2017-10-30
Priority P425, medium, 5.4 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.64% (46.1th percentile)
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| barco | clickshare_csc-1_firmware | < 1.10.0.10 | 1.10.0.10 |
| barco | clickshare_csm-1_firmware | < 1.7.0.3 | 1.7.0.3 |
CVSS provenance
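| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |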
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://www.barco.com/en/Support/software/R33050037
https://www.barco.com/en/support/knowledge-base/KB5169
https://www.barco.com/en/support/software/R33050020
Published: 2017-10-30