Unrated severity · NVD Advisory · Published Oct 22, 2021 · Updated Aug 3, 2024
CVE-2021-31682
Description
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a reflected XSS vulnerability because the operatorlocale GET parameter is not sanitized. This issue impacts versions 6.5 and below. It is triggered by passing a basic XSS payload in the vulnerable GET parameter, whose value is reflected in the output without sanitization.
Affected products
- Automated Logic/WebCTRL/WebCTRL OEM web application
- Range: <=6.5
References
- packetstormsecurity.com/files/164707/WebCTRL-OEM-6.5-Cross-Site-Scripting.html (mitre, x_refsource_MISC)
- www.automatedlogic.com/en/products-services/webctrl-building-automation-system/ (mitre, x_refsource_MISC)