9 matches found
CVE-2022-26233
CVE-2022-26233 affects Barco Control Room Management Suite prior to or equal to 2.9 Build 0275. The vulnerability is a local file inclusion/directory traversal (LFI) where inputs from URLs are not properly sanitized, allowing an attacker to read sensitive files. The attack vector described is a c...
CVE-2022-26975
CVE-2022-26975 affects the Barco Control Room Management Suite web application (part of TransForm N) prior to version 3.14. The issue is exposure of log files without authentication, as documented by Red Hat/NVD entries and vendor references. CVSSv3.1 base score 7.5 (HIGH) with HIGH confidentiali...
CVE-2022-26974
The CVE affects Barco Control Room Management Suite web application (TransForm N before 3.14). A lack of input sanitization in the file-upload mechanism allows reflected XSS in the affected component. Red Hat and CNVD entries corroborate the vulnerability before version 3.14. Remediation is to up...
CVE-2022-26976
The CVE-2022-26976 entry concerns Barco Control Room Management Suite (TransForm N before 3.14). The vulnerability is due to lack of input sanitization in a license file upload mechanism, enabling reflected XSS. The available documents confirm the affected product and the injection vector, but do...
CVE-2022-26977
The Barco Control Room Management Suite web application (TransForm N before 3.14) exposes a license file upload mechanism with insufficient input sanitization, resulting in stored XSS. Affected component is the upload handling; impact is client-side script execution. No exploitation details are p...
CVE-2022-26972
Barco Control Room Management Suite (TransForm N) web application is affected up to version 3.14. The vulnerability stems from unsanitized URL parameters on the /cgi-bin endpoint, enabling reflected cross-site scripting (XSS). Multiple connected sources corroborate the issue and scope, without de...
CVE-2022-26973
The Barco Control Room Management Suite web application (TransForm N) prior to version 3.14 exposes a license file upload mechanism. The root cause is a flaw in handling the license file name, where manipulating the filename causes the application to return an error message that reveals internal ...
CVE-2022-26971
Barco Control Room Management Suite web application (TransForm N, before version 3.14) exposes a license file upload mechanism that can be triggered without authentication. Root cause: unauthenticated upload path accessible in the web interface. Impact: enables unauthorized file uploads (license ...
CVE-2022-26978
Barco Control Room Management Suite (TransForm N) before version 3.14 is affected. The vulnerability is a reflected XSS in the /checklogin.jsp endpoint where the os_username parameter is not properly sanitized, allowing client-side script execution. Exploitation context is network-based via that ...