Stored Cross-Site Scripting Vulnerability in ITS Intelligent SCADA System by ITP Technology
CVE-2026-10057

4.8MEDIUM

Key Information:

Vendor: Itp Technology
Status: Its Intelligent Scada System
Vendor: CVE Published:; 29 May 2026

🔔 Create Itp Technology Vulnerability Alert

What is CVE-2026-10057?

The ITS Intelligent SCADA System by ITP Technology is vulnerable to Stored Cross-Site Scripting. This exposure allows attackers with privileges to inject malicious JavaScript code, which is executed in users' browsers once the affected web page is loaded. Successful exploitation could lead to session hijacking, defacement, or other malicious actions that compromise user security. It's crucial for users and administrators to apply relevant security measures to mitigate the risks associated with this vulnerability. For further insights, refer to the advisories provided by authoritative sources.

Affected Version(s)

ITS Intelligent SCADA System 2.1

References

https://www.twcert.org.tw/tw/cp-132-10941-6c082-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10942-2b78b-2.html

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

CVE-2026-10057 Data

JSON