Cross Site Scripting Vulnerability in Scada-LTS Software by Scada-LTS
CVE-2025-9235
5.1MEDIUM
What is CVE-2025-9235?
A vulnerability in Scada-LTS software allows attackers to exploit the compound_events.shtm file through improper handling of the 'Name' argument, leading to cross site scripting (XSS). This XSS flaw can be executed remotely, enabling attackers to inject arbitrary scripts into web pages viewed by users, potentially compromising user sessions and data integrity. Users of Scada-LTS versions up to 2.7.8.1 are at risk and should implement security measures and updates as soon as they are available to mitigate this threat.
Affected Version(s)
Scada-LTS 2.7.8.0
Scada-LTS 2.7.8.1
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
marceloQz (VulDB User)
marceloQz (VulDB User)