PT-2021-10405 · Automated Logic · Webctrl System
İsmail Erkek · Published 2021-02-22 · Updated 2021-02-26
CVE-2020-19762
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Automated Logic Corporation (ALC) WebCTRL System versions 6.5 and prior
Description:
The issue allows remote attackers to execute arbitrary JavaScript code in a victim's browser via an XSS payload supplied in the first parameter of a GET request.
Recommendations:
For versions 6.5 and prior, consider disabling the ability to execute JavaScript code via GET requests as a temporary workaround until a patch is available.
Restrict access to the first parameter in GET requests to minimize the risk of exploitation.
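Until the patch is applied, one defensive measure is to watch the web server's access logs for the pattern the advisory describes (script-like content in the first GET parameter) and to HTML-encode that parameter wherever it is reflected. The following is an added example, not code from the advisory's author or from Automated Logic; it assumes Combined Log Format access logs, and the sample lines, paths and parameter names in it are constructed:

```python
"""Detection helper for reflected-XSS probes in the first GET parameter,
the vector described for CVE-2020-19762 (WebCTRL 6.5 and prior).
Added example, not code from the advisory's author or from Automated Logic.
Assumes Combined Log Format logs; sample lines and paths are constructed."""
import html
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# client - user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) \S+')
# Heuristic markers of markup/script injected into a reflected value.
XSS_MARKERS = re.compile(r'<\s*/?\s*(script|img|svg|iframe|body)\b|javascript:|on\w+\s*=', re.I)

def first_get_param(request_path):
    """Return (name, value) of the first query parameter, decoded, or None."""
    pairs = parse_qsl(urlsplit(request_path).query, keep_blank_values=True)
    if not pairs:
        return None
    name, value = pairs[0]
    return name, unquote(value)  # second decode catches double-encoded payloads

def suspicious(request_path):
    """True when the first GET parameter carries script-like content."""
    first = first_get_param(request_path)
    return first is not None and XSS_MARKERS.search(first[1]) is not None

def scan_log(lines):
    """Yield (client, timestamp, path) for GET requests whose first parameter looks like an XSS probe."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "GET":
            continue
        client, ts, _, path, _ = m.groups()
        if suspicious(path):
            yield client, ts, path

def reflect_safely(value):
    """Mitigation side: HTML-encode a parameter value before echoing it into a page."""
    return html.escape(value, quote=True)

SAMPLE_LOG = [  # constructed lines; paths and parameter names are invented
    '10.0.0.5 - - [22/Feb/2021:10:00:01 +0000] "GET /index.jsp?page=home HTTP/1.1" 200 512',
    '10.0.0.9 - - [22/Feb/2021:10:00:07 +0000] "GET /index.jsp?page=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '10.0.0.9 - - [22/Feb/2021:10:00:09 +0000] "GET /index.jsp?page=x%2522%2520onmouseover%253Dalert(1) HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("possible XSS probe:", hit)
```

The marker list is a heuristic and will produce false positives on ordinary values such as "one=two"; treat hits as leads to review, not as confirmed exploitation.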
Affected Products
Webctrl System