PT-2022-18156 · Barco · Barco Control Room Management Suite

Published

2022-06-01

·

Updated

2022-06-09

·

CVE-2022-26978

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Barco Control Room Management Suite web application, versions prior to 3.14

Description

The "/checklogin.jsp" endpoint does not correctly sanitize its os username parameter before reflecting it into the response. This results in reflected cross-site scripting (XSS), allowing an attacker to inject script into the page served to a user who follows a crafted link.

Recommendations

For versions prior to 3.14, consider disabling access to the "/checklogin.jsp" endpoint until a patch is available. As a temporary workaround, restrict the use of the os username parameter in the affected endpoint to minimize the risk of exploitation.
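As an added example that is not part of this advisory or of any Barco code, the following Python script scans constructed web-server access-log lines for requests to the affected "/checklogin.jsp" endpoint whose os username value still contains HTML or script markup after URL decoding, which is the kind of check a defender can run to spot probing of this issue. The query key `os_username` and the combined log format are assumptions; the advisory names neither.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Assumption: the advisory refers to an "os username" parameter but does not
# give its exact query key; os_username is used here as a placeholder.
ENDPOINT = "/checklogin.jsp"
PARAM = "os_username"

# Markup that should never appear in a username reflected into a login page:
# an opening/closing tag, a javascript: URL, or an inline event handler.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)

# Request field of a combined-format log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/[\d.]+"')


def suspicious_values(line):
    """Return the decoded PARAM values in LINE that contain markup.

    Only requests whose path is ENDPOINT are examined; anything else yields [].
    """
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group(1))
    if parts.path != ENDPOINT:
        return []
    hits = []
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        # parse_qs decodes once; decode again to catch double-encoded values.
        value = unquote_plus(raw)
        if MARKUP.search(value):
            hits.append(value)
    return hits


def scan(lines):
    """Map each flagged log line to the suspicious values found in it."""
    flagged = {}
    for line in lines:
        values = suspicious_values(line)
        if values:
            flagged[line] = values
    return flagged


# Constructed sample lines (not real traffic); only the second one is a probe.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jun/2022:10:00:00 +0000] "GET /checklogin.jsp?os_username=alice HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jun/2022:10:00:01 +0000] "GET /checklogin.jsp?os_username=%3Cscript%3Etest%3C%2Fscript%3E HTTP/1.1" 200 640',
    '10.0.0.9 - - [01/Jun/2022:10:00:02 +0000] "GET /index.jsp?os_username=%3Cb%3Ex HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for line, values in scan(SAMPLE_LOG).items():
        print("FLAGGED:", values, "<-", line)
```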

Fix

XSS
