CVE-2017-12439: CSRF

Q: What is the severity of CVE-2017-12439?

CVE-2017-12439 is classified as a medium severity vulnerability due to potential cross-site scripting and content forgery risks.

Q: How do I fix CVE-2017-12439?

To fix CVE-2017-12439, upgrade to a version of Socusoft Flash Slideshow Maker that is above 5.20 and avoid using untrusted XML configuration files.

Q: What types of attacks are possible due to CVE-2017-12439?

CVE-2017-12439 can facilitate content forgery, cross-site scripting, and unvalidated redirects.

Q: Which version of Socusoft Flash Slideshow Maker is affected by CVE-2017-12439?

Socusoft Flash Slideshow Maker versions up to and including 5.20 are affected by CVE-2017-12439.

Q: What input does CVE-2017-12439 trust that may lead to vulnerabilities?

CVE-2017-12439 trusts user-supplied input in the xml_path HTTP parameter, which can lead to potential exploitation.

Published Aug 5, 2017

Updated

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.

Affected Software

1 affected component

Socusoft Flash Slideshow Maker<=5.20

Event History

Aug 5, 2017

CVE Published

via MITRE·03:00 PM

Data Sourced

via MITRE·03:00 PM

Description

Frequently Asked Questions

What is the severity of CVE-2017-12439?

CVE-2017-12439 is classified as a medium severity vulnerability due to potential cross-site scripting and content forgery risks.

How do I fix CVE-2017-12439?

To fix CVE-2017-12439, upgrade to a version of Socusoft Flash Slideshow Maker that is above 5.20 and avoid using untrusted XML configuration files.

What types of attacks are possible due to CVE-2017-12439?

CVE-2017-12439 can facilitate content forgery, cross-site scripting, and unvalidated redirects.

Which version of Socusoft Flash Slideshow Maker is affected by CVE-2017-12439?

Socusoft Flash Slideshow Maker versions up to and including 5.20 are affected by CVE-2017-12439.

What input does CVE-2017-12439 trust that may lead to vulnerabilities?

CVE-2017-12439 trusts user-supplied input in the xml_path HTTP parameter, which can lead to potential exploitation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.