CVE-2021-31682 – WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2021-31682

22 Oct 2021 — The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization. El portal de inicio de sesión de la aplicación web WebCTRL/WebCTRL OEM de Automated Logic contiene una vulnerabilidad que permite ata... • https://packetstorm.news/files/id/164707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •