Security for everyone

CVE-2021-31682 Scanner

Detects the 'Cross-Site Scripting (XSS)' vulnerability in Automated Logic WebCTRL/WebCTRL OEM, which affects versions 6.5 and below.


Short Info

Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url

Parent Category

CVE-2021-31682 Scanner Detail

Automated Logic WebCTRL/WebCTRL OEM is a web application used for monitoring and controlling HVAC systems in buildings. This product is widely used in commercial buildings to ensure the comfort and safety of occupants through optimized heating, ventilation, and air conditioning. It allows facility managers to remotely control and monitor HVAC equipment, temperature, humidity, and lighting.

CVE-2021-31682 is a vulnerability in the login portal of Automated Logic WebCTRL/WebCTRL OEM. Because the operatorlocale GET parameter is not sanitized, reflected XSS attacks can be executed. This vulnerability affects versions 6.5 and below. Attackers can exploit this flaw by injecting malicious code into the GET parameter, which is reflected back to the user's browser without sanitization.

This vulnerability can lead to a variety of negative consequences when exploited. Attackers can steal sensitive data, such as login credentials, by tricking users into clicking on a malicious link. They can also inject malware, creating a backdoor that allows them unrestricted access to the HVAC system. This can result in significant damage to the building's infrastructure, compromised security, and financial loss.
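A defender-side check for the issue described above, as an added example that is not part of the original page or the vendor's code: it scans web access log lines for operatorlocale values that are not plain locale tags. The combined log format, the /login.example path and the locale pattern are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate value is a plain locale tag such as "en" or "en_US".
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}([_-][A-Za-z0-9]{2,8})*")
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; /login.example is a placeholder path, not the product's.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/May/2021:10:01:02 +0000] '
    '"GET /login.example?operatorlocale=en_US HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/May/2021:10:03:44 +0000] '
    '"GET /login.example?operatorlocale=en%22%3E%3Cb%3Etest HTTP/1.1" 200 5188',
    '203.0.113.9 - - [12/May/2021:10:03:51 +0000] '
    '"GET /login.example?x=1&operatorlocale=fr&operatorlocale=%253Cb%253E HTTP/1.1" 200 5100',
    '198.51.100.7 - - [12/May/2021:10:04:10 +0000] '
    '"GET /index.example HTTP/1.1" 200 812',
]


def suspicious_operatorlocale(line):
    """Return decoded operatorlocale values in one log line that are not locale tags."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qs percent-decodes once and keeps every repeated occurrence of the key.
    values = parse_qs(query, keep_blank_values=True).get("operatorlocale", [])
    # Allow-list check: anything that is not a plain locale tag is reported,
    # which also catches double-encoded input (it still contains '%').
    return [v for v in values if not LOCALE_RE.fullmatch(v)]


def scan(lines):
    """Return (line number, client address, decoded value) for every suspicious hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        for value in suspicious_operatorlocale(line):
            hits.append((number, line.split()[0], value))
    return hits


if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent operatorlocale={value!r}")
```

The same allow-list pattern can be enforced at a reverse proxy or WAF in front of the login portal to reject such requests before they reach the application.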

At securityforeveryone.com, we provide a platform that enables users to quickly and easily identify vulnerabilities in their digital assets. Our pro features allow users to perform in-depth vulnerability scans, receive real-time alerts, and access an extensive database of security issues. By leveraging the power of our platform, users can proactively identify and resolve security issues before they become a problem. With securityforeveryone.com, you can rest assured that your digital assets are always secure.

 
