cvedb.io
CVE-2017-0912
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2018-07-03T21:29:00.217 · Last modified 2026-06-17T00:58:30.917

Summary

Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling".

Affected products

ui — ucrm

Does this affect you?

Add your gear to cvedb and we'll alert you only when ui ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.