Cross Site Scripting Vulnerability in Scada-LTS Software by Unknown Vendor
CVE-2025-9233

5.1MEDIUM

Key Information:

Vendor

Unknown

Status
Scada-lts
Vendor
CVE Published:
20 August 2025

What is CVE-2025-9233?

A security vulnerability has been identified in Scada-LTS up to version 2.7.8.1, specifically in the function located within the file view_edit.shtm. The flaw arises from the improper handling of the input parameter 'Name', allowing attackers to execute cross site scripting attacks remotely. This vulnerability has been made public, and the potential for exploitation emphasizes the need for immediate attention and remedial action to safeguard affected systems.

Affected Version(s)

Scada-LTS 2.7.8.0

Scada-LTS 2.7.8.1

References

https://vuldb.com/?id.320766
vdb-entrytechnical-description
https://vuldb.com/?ctiid.320766
signaturepermissions-required
https://vuldb.com/?submit.631118
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)
.