Pablo Seijo Cajaraville

**Name of the Vulnerable Software and Affected Versions** Alcatel OmniVista versions 4760 R4.2 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `action` parameter to "php-bin/Webclient.php" or the `Langue` parameter to the default URI. **Recommendations** For Alcatel OmniVista versions 4760 R4.2 and earlier, consider restricting access to the "php-bin/Webclient.php" endpoint and the default URI to minimize the risk of exploitation. Avoid using the `action` and `Langue` parameters in the affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.