Cross-Site Scripting Vulnerability in Polycom HDX Video End Points
CVE-2012-4970

Currently unrated

Key Information:

Vendor: Polycom
Status: Hdx System Software
Vendor: CVE Published:; 1 January 2013

What is CVE-2012-4970?

A Cross-Site Scripting (XSS) vulnerability exists within the web management interface of Polycom HDX Video End Points. This flaw affects devices running UC APL software prior to version 2.7.1.1_J and commercial software prior to version 3.0.5. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML, potentially compromising the security of the affected system through unspecified vectors.

References

http://www.securitytracker.com/id?1027926

vdb-entryx_refsource_SECTRACK

http://archives.neohapsis.com/archives/bugtraq/2012-12/01...

mailing-listx_refsource_BUGTRAQ

http://knowledgebase-iframe.polycom.com/kb/knowledgebase/...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 1, 2013
Vulnerability Reserved
Sep 19, 2012