Vulnerabilities (CVE)

Filtered by vendor Barco Subscribe
Filtered by product Control Room Management Suite
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26978 1 Barco 1 Control Room Management Suite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS.
CVE-2022-26977 1 Barco 1 Control Room Management Suite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS.
CVE-2022-26976 1 Barco 1 Control Room Management Suite 2024-11-21 3.5 LOW 5.4 MEDIUM
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS.
CVE-2022-26975 1 Barco 1 Control Room Management Suite 2024-11-21 5.0 MEDIUM 7.5 HIGH
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication.
CVE-2022-26974 1 Barco 1 Control Room Management Suite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS.
CVE-2022-26973 1 Barco 1 Control Room Management Suite 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details.
CVE-2022-26972 1 Barco 1 Control Room Management Suite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.
CVE-2022-26971 1 Barco 1 Control Room Management Suite 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication.
CVE-2022-26233 1 Barco 1 Control Room Management Suite 2024-11-21 5.0 MEDIUM 7.5 HIGH
Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begin with the "GET /..\.." substring.