CVE-2024-5540 | THREATINT

Description

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser .

PUBLISHED Reserved 2024-05-30 | Published 2025-11-27 | Updated 2025-11-28 | Assigner Carrier

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

Any version before 8.0

affected

Default status

unaffected

Any version before 8.0

affected

Credits

Steve Knabe from Praetorian reporter

Inacio Santos reporter

References

www.corporate.carrier.com/...-security/advisories-resources/

cve.org (CVE-2024-5540)

nvd.nist.gov (CVE-2024-5540)

Download JSON

help @ threatint.eu