An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product.
In the past an HTML injection could be triggered by uploading a wallpaper with a specially crafted name. As special characters were not neutralized before output.
This security vulnerability (CVE-2017-12460.) has been fixed.
If you experience this behaviour please update to:
- CSC-1 Base Unit Firmware v1.10.0.10 or higher.
- CSM-1 Base Unit Firmware v1.7.0.3 or higher.
(Credits to Bikramaditya Guha for reporting)