Primary

Context

ALC WebCTRL and Carrier i-Vu Reflective Cross-Site Scripting Vulnerability

Vulnerability

A reflective cross-site scripting vulnerability has been identified in ALC WebCTRL and Carrier i-Vu, affecting versions prior to 8.0. This vulnerability is present in the login panels of the applications, allowing a malicious actor to compromise the client's browser.

Impact

Exploitation of this vulnerability allows for reflective cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Added: Nov 27, 2025, 1:18 AM

Updated: Nov 27, 2025, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

6.0

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

6.0

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ALC WebCTRL and Carrier i-Vu Reflective Cross-Site Scripting Vulnerability

Vulnerability

Impact

Affected Products

Automated Logic WebCTRL

Carrier i-Vu

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating