CVE-2024-5540 MEDIUM

CVE-2024-5540: ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting

Vendor Automated Logic
Product WebCTRL
Weakness CWE-79 · XSS
Published November 27, 2025
Last update November 28, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser .

Key dates

02Disclosure timeline

November 27, 2025 CVE published
November 28, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-51835 WordPress OpenCart Product Display plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-36194 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-36147 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-4021 Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2025-47557 WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability