Cross Site Scripting Vulnerability in Scada-LTS Software by Scada-LTS
CVE-2025-9235

5.1MEDIUM

Key Information:

Vendor

Scada-LTS

Status
Scada-lts
Vendor
CVE Published:
20 August 2025

What is CVE-2025-9235?

A vulnerability in Scada-LTS software allows attackers to exploit the compound_events.shtm file through improper handling of the 'Name' argument, leading to cross site scripting (XSS). This XSS flaw can be executed remotely, enabling attackers to inject arbitrary scripts into web pages viewed by users, potentially compromising user sessions and data integrity. Users of Scada-LTS versions up to 2.7.8.1 are at risk and should implement security measures and updates as soon as they are available to mitigate this threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Scada-LTS 2.7.8.0

Scada-LTS 2.7.8.1

References

https://vuldb.com/?id.320768
vdb-entrytechnical-description
https://vuldb.com/?ctiid.320768
signaturepermissions-required
https://vuldb.com/?submit.631120
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

marceloQz (VulDB User)
marceloQz (VulDB User)
JSON
.