Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 01:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html - | |
References | () http://knowledgebase-iframe.polycom.com/kb/knowledgebase/End%20User/Tech%20Alerts/Video/15990_fHDX%20XSS%20Vulnerability%20-%20Security%20Bulletin%20101521.pdf - | |
References | () http://www.securitytracker.com/id?1027926 - |
Information
Published : 2013-01-01 12:35
Updated : 2024-11-21 01:43
NVD link : CVE-2012-4970
Mitre link : CVE-2012-4970
CVE.ORG link : CVE-2012-4970
JSON object : View
Products Affected
polycom
- hdx_4500
- hdx_9004
- hdx_8002
- hdx_6000
- hdx_9006
- hdx_8004
- hdx_7001
- hdx_7002
- hdx_4002
- hdx_9002
- hdx_system_software
- hdx_8006
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')