CVE-2024-5540— ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-5540
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
The reflective cross-site scripting vulnerability found in ALC WebCTRL and Carrier i-Vu in versions older than 8.0 affects login panels allowing a malicious actor to compromise the client browser .
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Automated Logic WebCtrl和Carrier i-Vu 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Automated Logic WebCtrl是美国Automated Logic公司的一个基于 Web 的楼宇自动化系统的服务器。Carrier i-Vu是美国Carrier公司的一个楼宇管理系统平台。 Automated Logic WebCtrl和Carrier i-Vu 8.0之前版本存在安全漏洞,该漏洞源于登录面板存在反射型跨站脚本,可能导致客户端浏览器被攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Automated Logic | WebCTRL | 0 ~ 8.0 | - | |
| Carrier | i-Vu | 0 ~ 8.0 | - |
II. Public POCs for CVE-2024-5540
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-5540
请登录查看更多情报信息。
Same Patch Batch · Automated Logic · 2025-11-27 · 4 CVEs total
| CVE-2024-5539 | ALC WebCTRL Carrier i-Vu Access Control Bypass | |
| CVE-2025-0658 | Automated Logic and Carrier Zone Controllers malformed packets denial of service | |
| CVE-2025-0657 | ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range |
IV. Related Vulnerabilities
Same product: WebCTRL
- CVE-2025-14295
Automated Logic WebCTRL and Carrier i-Vu Session Fixation - CVE-2024-5539
ALC WebCTRL Carrier i-Vu Access Control Bypass - CVE-2025-0657
ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index ou - CVE-2024-8528
ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized pa - CVE-2024-8527
ALC WebCTRL Carrier i-Vu Open Redirect via URL parameter
Same vendor: Automated Logic
- CVE-2026-24060
Automated Logic WebCTRL Premium Server Cleartext Transmissio - CVE-2026-32666
Automated Logic WebCTRL Premium Server Authentication Bypass - CVE-2026-25086
Automated Logic WebCTRL Premium Server Multiple Binds to the - CVE-2025-14295
Automated Logic WebCTRL and Carrier i-Vu Session Fixation - CVE-2024-5539
ALC WebCTRL Carrier i-Vu Access Control Bypass
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2024-5540
No comments yet