Reflected XSS Vulnerability in Barco Control Room Management Suite
CVE-2022-26974

6.1 MEDIUM

Key Information:

Vendor

Barco

CVE Published:
2 June 2022

What is CVE-2022-26974?

The Barco Control Room Management Suite, part of TransForm N before version 3.14, is vulnerable to reflected cross-site scripting (XSS) due to improper input validation in its file upload feature. The flaw allows attackers to execute arbitrary script code in the context of users' sessions, which can lead to data theft and session hijacking. Users should act immediately to secure their systems and apply the necessary patches.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
