Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.
References
Link | Resource |
---|---|
https://www.barco.com/en/support/transform-n-management-server | Product Vendor Advisory |
https://www.barco.com/en/support/knowledge-base/KB12686 | Vendor Advisory |
Configurations
Information
Published : 2022-06-02 07:15
Updated : 2022-06-09 11:44
NVD link : CVE-2022-26978
Mitre link : CVE-2022-26978
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
barco
- control_room_management_suite