Medium severity5.4NVD Advisory· Published Oct 30, 2017· Updated Jun 17, 2026
CVE-2017-12460
CVE-2017-12460
Description
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.
Affected products
5cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*range: <1.10.0.10
- (no CPE)range: <1.10.0.10
cpe:2.3:o:barco:clickshare_csm-1_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:barco:clickshare_csm-1_firmware:*:*:*:*:*:*:*:*range: <1.7.0.3
- (no CPE)range: <1.7.0.3
- Range: <1.7.0.3 or <1.10.0.10
Patches
Vulnerability mechanics
References
3- www.barco.com/en/Support/software/R33050037nvdIssue TrackingVendor Advisory
- www.barco.com/en/support/knowledge-base/KB5169nvdIssue TrackingVendor Advisory
- www.barco.com/en/support/software/R33050020nvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.