ABB Cylon Aspect 3.08.02 (altlogin.php) Unauthenticated Reflected XSS

The ABB BMS/BAS controller suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameter ‘redirect’ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user’s browser session in context of an affected site.