Описание
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-9388
- https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/CVE-2025-9388.md
- https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/Stored_XSS_endpoint_watch_list.shtm_parameter_name.md#poc
- https://vuldb.com/?ctiid.321221
- https://vuldb.com/?id.321221
- https://vuldb.com/?submit.630800
Связанные уязвимости
A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Уязвимость многоплатформенного веб-решения для создания Scada-систем Scada-LTS, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю проводить межсайтовые сценарные атаки