CVE-2022-26978 Information

Description

Barco Control Room Management Suite web application which is part of TransForm N before 3.14 is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized leading to reflected XSS.

Reference

https://www.barco.com/en/support/transform-n-management-server https://www.barco.com/en/support/knowledge-base/KB12686