CVE-2017-12439
HIGHSocuSoft Flash Slideshow Maker Professional <5.20 - XSS
Title source: llmDescription
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.
References (1)
Core 1
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/143542/Flash-Slideshow-Maker-Professional-XSS-Content-Forgery-Redirect.html
Scores
CVSS v3
7.5
EPSS
0.0064
EPSS Percentile
46.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
socusoft/flash_slideshow_maker
< 5.20
Published
Aug 05, 2017
Tracked Since
Feb 18, 2026