CVE-2022-26978: XSS
First published: Wed Jun 01 2022(Updated: )
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Barco Control Room Management Suite | <3.14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of Barco Control Room Management Suite?
The vulnerability ID is CVE-2022-26978.
What is the severity of CVE-2022-26978?
The severity of CVE-2022-26978 is medium.
What is the affected software of CVE-2022-26978?
The affected software is Barco Control Room Management Suite before version 3.14.1.
What is the description of CVE-2022-26978?
CVE-2022-26978 is a vulnerability in Barco Control Room Management Suite web application that exposes a URL /checklogin.jsp endpoint allowing for reflected XSS due to incorrect sanitization of the os_username parameter.
How can CVE-2022-26978 be fixed?
To fix CVE-2022-26978, it is recommended to update Barco Control Room Management Suite to version 3.14.1 or later.
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/barco
- canonical/barco control room management suite