Jaryl Low

**Name of the Vulnerable Software and Affected Versions** Automated Logic WebCTRL and Carrier i-Vu versions 6.0 through 9.0 **Description** An open redirect exists due to a flaw in a URL parameter. This could allow attackers to exploit user sessions. **Recommendations** Versions 6.0 through 9.0 should be updated to a fixed version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Automated Logic WebCTRL and Carrier i-VU (affected versions not specified) **Description** A reflected cross-site scripting (XSS) issue exists due to a specific GET parameter not being properly sanitized. This allows for the delivery of a malicious payload through a crafted URL. The issue impacts Automated Logic WebCTRL and Carrier i-VU. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.