CVE-2012-4970

Published: Jan 1, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (15)

Products: Polycom: Hdx System Software

Polycom

1 product

Hdx System Software

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Polycom Hdx System Software	Up to 2.7.1_j
Polycom Hdx System Software	Version 2.0.5_j
Polycom Hdx System Software	Version 2.5.0.7
Polycom Hdx System Software	Version 2.5.0.7_g
Polycom Hdx System Software	Version 2.6.1.3
Polycom Hdx System Software	Version 2.6.1
Polycom Hdx System Software	Version 2.7.0_j

Configuration B

8 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Polycom Hdx System Software	Up to 3.0.4
Polycom Hdx System Software	Version 3.0.0.1
Polycom Hdx System Software	Version 3.0.0.2
Polycom Hdx System Software	Version 3.0.0
Polycom Hdx System Software	Version 3.0.1
Polycom Hdx System Software	Version 3.0.2
Polycom Hdx System Software	Version 3.0.3.1
Polycom Hdx System Software	Version 3.0.3

Running on/with	Platform Versions
Polycom Hdx 4002	All versions
Polycom Hdx 4500	All versions
Polycom Hdx 6000	All versions
Polycom Hdx 7001	All versions
Polycom Hdx 7002	All versions
Polycom Hdx 8002	All versions
Polycom Hdx 8004	All versions
Polycom Hdx 8006	All versions
Polycom Hdx 9002	All versions
Polycom Hdx 9004	All versions
Polycom Hdx 9006	All versions