CNNVD-202511-2227 Information

Nov 19, 2025 cve

CNNVD ID

CNNVD-202511-2227

CVE-2024-8528

CNNVD Published: 2025-11-19

Description (Chinese)

Automated Logic WebCtrl是美国Automated Logic公司的一个基于 Web 的楼宇自动化系统的服务器。Carrier i-Vu是美国Carrier公司的一个楼宇管理系统平台。 Automated Logic WebCtrl和Carrier i-Vu存在安全漏洞，该漏洞源于未清理特定GET参数，可能导致反射型跨站脚本攻击。

Description (English)

Automated Logic WebCtrl is the server for a Web-based building automation system of the American company Automated Logic. Carrier i-Vu is a building management system platform of the United States company Carrier. There is a security loophole in Automated Logic WebCtrl and Carrier i-Vu, which originates from the failure to clear specific GT parameters and may lead to a reflective cross-site scrip attack.

Hazard Level

Medium

Vulnerability Type

其他

Published

2025-11-19

Last Modified

2026-02-24

References

https://www.corporate.carrier.com/product-security/advisories-resources/

Patch

https://www.corporate.carrier.com/product-security/advisories-resources/

Share on: