VYPR
Medium severity5.4NVD Advisory· Published Oct 30, 2017· Updated Jun 17, 2026

CVE-2017-12460

CVE-2017-12460

Description

An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.

Affected products

5
  • cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*range: <1.10.0.10
    • (no CPE)range: <1.10.0.10
  • cpe:2.3:o:barco:clickshare_csm-1_firmware:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:barco:clickshare_csm-1_firmware:*:*:*:*:*:*:*:*range: <1.7.0.3
    • (no CPE)range: <1.7.0.3
  • Range: <1.7.0.3 or <1.10.0.10

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.