Scada-LTS 2.7.8 Vulnerable to Cross-Site Scripting Exploit
CVE-2024-7901

5.4MEDIUM

Key Information:

Vendor

Scada-LTS

Status
Scada-lts
Vendor
CVE Published:
17 August 2024

What is CVE-2024-7901?

A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

Scada-LTS 2.7.8

References

https://vuldb.com/?id.274909
vdb-entry
https://vuldb.com/?ctiid.274909
signaturepermissions-required
https://vuldb.com/?submit.387606
third-party-advisory

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Stux (VulDB User)
.
CVE-2024-7901 : Scada-LTS 2.7.8 Vulnerable to Cross-Site Scripting Exploit