Description
Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized.
CVSS breakdown
CVSS 4.0
Attack Vector
Local
Attack Complexity
High
Attack Requirements
Present
Privileges Required
Low
User Interaction
Passive
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
Low
Integrity (Subsequent System)
Low
Availability (Subsequent System)
Low
Affected products
- Automated Logic / WebCTRL6.0 – 9.0
- Carrier / i-Vu6.0 – 9.0