Automated Logic · WebCTRL System · CVE-2020-19762
Name of the Vulnerable Software and Affected Versions:
Automated Logic Corporation (ALC) WebCTRL System versions 6.5 and prior
Description:
The issue allows remote attackers to execute arbitrary JavaScript code via an XSS payload in the first parameter of a GET request.
Recommendations:
For versions 6.5 and prior, consider disabling the ability to execute JavaScript code via GET requests as a temporary workaround until a patch is available.
Restrict access to the first parameter in GET requests to minimize the risk of exploitation.
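While the workaround is in place, access logs can be reviewed for GET requests whose first query parameter carries script-like content. The following is an added example, not code from the advisory or from the vendor; it assumes Common Log Format, and the path `/example/page`, the parameter name `id` and all log lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Heuristic markers of script injection in a decoded parameter value.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe)\b|\bon\w+\s*=|javascript\s*:", re.I)
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (path and parameter name are placeholders).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/page?id=42&view=summary HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /example/page?id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 498',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /example/page?id=%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 498',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /example/static/logo.png HTTP/1.1" 200 2048',
]

def flag_line(line):
    """Return (name, decoded value) of a suspicious first GET parameter, else None."""
    m = REQUEST.search(line)
    if not m or m.group("method") != "GET":
        return None
    # parse_qsl percent-decodes once and preserves parameter order.
    pairs = parse_qsl(urlsplit(m.group("target")).query, keep_blank_values=True)
    if not pairs:
        return None
    name, value = pairs[0]
    # Decode a second time so double-encoded payloads are also inspected.
    value = unquote(value)
    return (name, value) if SUSPICIOUS.search(value) else None

def scan(lines):
    """Return [(line_number, (name, value)), ...] for every flagged line."""
    return [(i, hit) for i, line in enumerate(lines, 1) if (hit := flag_line(line))]

if __name__ == "__main__":
    for lineno, (name, value) in scan(SAMPLE_LOG):
        print(f"line {lineno}: first parameter {name!r} = {value!r}")
```

The pattern is a heuristic and will produce false positives and misses; flagged lines are a starting point for review, not a verdict.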