Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS.Referenceshttps://www.barco.com/en/support/transform-n-management-serverhttps://www.barco.com/en/support/knowledge-base/KB12685
