PT-2021-19474 · Automated Logic · Automated Logic WebCTRL/WebCTRL OEM
3Ndg4Me · Published 2021-10-22 · Updated 2021-11-28 · CVE-2021-31682
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Automated Logic WebCTRL/WebCTRL OEM versions 6.5 and below

Description: The login portal of the Automated Logic WebCTRL/WebCTRL OEM web application is vulnerable to reflected XSS because the operatorlocale GET parameter is not sanitized. A basic XSS payload passed in the operatorlocale parameter is reflected in the response output without proper sanitization.

Recommendations: For versions 6.5 and below, consider disabling the operatorlocale parameter in the login portal until a patch is available, to prevent reflected XSS attacks. Restrict access to the login portal to minimize the risk of exploitation. Avoid using the operatorlocale parameter in the affected API endpoint until the issue is resolved.
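As an added defender-side example (not WebCTRL code; the login-page fragment, the locale pattern, the request path and the log lines are constructed assumptions), the following shows the two controls the recommendations imply: allowlisting the operatorlocale value before it is reflected into HTML, and scanning access logs for requests whose operatorlocale value fails that allowlist.

```python
import re
import html
from urllib.parse import urlparse, parse_qs

# Allowlist for locale identifiers such as "en", "en_US" or "pt_BR" (assumed format).
# A value that does not match is replaced by the default before it can reach the page.
LOCALE_RE = re.compile(r"^[a-z]{2,3}(?:_[A-Z]{2})?$")
DEFAULT_LOCALE = "en_US"


def select_locale(raw):
    """Return the request value if it passes the allowlist, otherwise the default."""
    if raw is None or not LOCALE_RE.fullmatch(raw):
        return DEFAULT_LOCALE
    return raw


def render_login_locale_field(raw):
    """Hypothetical login-page fragment: allowlist first, HTML-escape second,
    so a rejected value is never reflected and an accepted one is still encoded."""
    locale = select_locale(raw)
    return '<input type="hidden" name="operatorlocale" value="%s">' % html.escape(locale, quote=True)


def flag_suspicious_requests(log_lines):
    """Scan combined-format access-log lines for login requests whose
    operatorlocale value fails the allowlist; return the raw values for review."""
    hits = []
    for line in log_lines:
        try:
            target = line.split('"')[1].split(" ")[1]  # request target between the quotes
        except IndexError:
            continue  # not a well-formed request line
        params = parse_qs(urlparse(target).query)  # percent-decodes the values
        for value in params.get("operatorlocale", []):
            if not LOCALE_RE.fullmatch(value):
                hits.append(value)
    return hits


# Constructed sample log lines (combined log format); not taken from any real system.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Oct/2021:10:00:00 +0000] "GET /?operatorlocale=en_US HTTP/1.1" 200 512',
    '10.0.0.6 - - [22/Oct/2021:10:00:01 +0000] "GET /?operatorlocale=en%3Cb%3Ex HTTP/1.1" 200 512',
    '10.0.0.7 - - [22/Oct/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(render_login_locale_field("en<b>x"))   # falls back to en_US
    print(flag_suspicious_requests(SAMPLE_LOG))  # ['en<b>x']
```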

Tag: XSS


Weakness Enumeration

Related Identifiers: CVE-2021-31682

Affected Products: Automated Logic WebCTRL/WebCTRL OEM