Barco search

Is ClickShare protected against HTML injection?

Article number: [4086] - Legacy code: [5169]

Applicable to

An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product.
In the past an HTML injection could be triggered by uploading a wallpaper with a specially crafted name. As special characters were not neutralized before output.

This security vulnerability (CVE-2017-12460.) has been fixed.

If you experience this behaviour please update to:

  • CSC-1 Base Unit Firmware v1.10.0.10 or higher.
  • CSM-1 Base Unit Firmware v1.7.0.3 or higher.

(Credits to Bikramaditya Guha for reporting)

Properties

Last updated Jun 14, 2022