Описание
A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used.
A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-9235
- https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/CVE-2025-9235.md
- https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/Stored%20XSS%20endpoint%20compound_events.shtm%20parameter%20name.md#poc
- https://vuldb.com/?ctiid.320768
- https://vuldb.com/?id.320768
- https://vuldb.com/?submit.631120
Связанные уязвимости
A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used.