Описание
A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-9143
- https://github.com/KarinaGante/KGSec/blob/main/CVEs/Scada-LTS/3.md
- https://github.com/KarinaGante/KGSec/blob/main/CVEs/Scada-LTS/3.md#poc
- https://karinagante.github.io/cve-2025-9143
- https://karinagante.github.io/cve-2025-9143/#proof-of-concept-poc
- https://vuldb.com/?ctiid.320521
- https://vuldb.com/?id.320521
- https://vuldb.com/?submit.628437
Связанные уязвимости
A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Уязвимость многоплатформенного веб-решения для создания Scada-систем Scada-LTS, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки