Vulnerability Details CVE-2016-3150
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.8%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html
- http://www.securityfocus.com/archive/1/539754/100/0/threaded
- http://www.securityfocus.com/bid/94330
- http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html
- http://www.securityfocus.com/archive/1/539754/100/0/threaded
- http://www.securityfocus.com/bid/94330
Products affected by CVE-2016-3150
-
cpe:2.3:h:barco:clickshare_csc-1:-
-
cpe:2.3:h:barco:clickshare_cse-200:-
-
cpe:2.3:o:barco:clickshare_csc-1_firmware:01.09.02.03
-
cpe:2.3:o:barco:clickshare_csc-1_firmware:01.09.05.02
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:-
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:01.03.01.05
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:01.09.02.05
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.1.0.8
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.2.0.1
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.2.1.1
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.2.2.3
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.3.0.29
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.3.1.3
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.3.1.5
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.3.4.8
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.4.0.105
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.4.2.12
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.5.0.12
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.5.1.2
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.5.2.3
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.6.0.3
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.6.1.2
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.7.0.22
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.7.1.1
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.8.0.6
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.8.1.2
-
cpe:2.3:o:barco:clickshare_cse-200_firmware:1.9.1.7