CVE-2022-26972

Name of the Vulnerable Software and Affected Versions Barco Control Room Management Suite web application version prior to 3.14

Description The issue is related to the exposure of a URL /cgi-bin endpoint in the web application, where URL parameters are not correctly sanitized. This leads to reflected XSS, allowing potential attacks.

Recommendations For versions prior to 3.14, update to version 3.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the /cgi-bin endpoint until a patch is available. Avoid using unsanitized URL parameters in the affected endpoint to minimize the risk of exploitation.