
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2022 — Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, exposes a /checklogin.jsp URL endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS. • https://www.barco.com/en/support/knowledge-base/KB12686 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2022 — Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, exposes a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to stored XSS. • https://www.barco.com/en/support/knowledge-base/KB12683 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2022 — Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, exposes a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. • https://www.barco.com/en/support/knowledge-base/KB12682 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2022 — Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, exposes log files without authentication. • https://www.barco.com/en/support/knowledge-base/KB12677 • CWE-287: Improper Authentication

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2022 — Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, exposes a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. • https://www.barco.com/en/support/knowledge-base/KB12684 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2022 — Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, exposes a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. • https://www.barco.com/en/support/knowledge-base/KB12678 • CWE-209: Generation of Error Message Containing Sensitive Information

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2022 — Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, exposes a /cgi-bin URL endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. • https://www.barco.com/en/support/knowledge-base/KB12685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jun 2022 — Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, exposes a license file upload mechanism. This upload can be executed without authentication. • https://www.barco.com/en/support/knowledge-base/KB12681 • CWE-306: Missing Authentication for Critical Function

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 3

03 Apr 2022 — Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring. • https://packetstorm.news/files/id/166577 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')