Stored Cross-Site Scripting Vulnerability in ITS Intelligent SCADA System by ITP Technology
CVE-2026-10058

4.8MEDIUM

Key Information:

Vendor: Itp Technology
Status: Its Intelligent Scada System
Vendor: CVE Published:; 29 May 2026

🔔 Create Itp Technology Vulnerability Alert

What is CVE-2026-10058?

The ITS Intelligent SCADA System by ITP Technology is susceptible to a Stored Cross-Site Scripting vulnerability. This flaw enables privileged remote attackers to inject persistent JavaScript code into the application. Upon page load, this malicious code executes in users' browsers, potentially leading to unauthorized data access or manipulation. Organizations using the ITS Intelligent SCADA System should take proactive steps to mitigate this vulnerability and protect their systems from exploitation.

Affected Version(s)

ITS Intelligent SCADA System 2.1

References

https://www.twcert.org.tw/tw/cp-132-10941-6c082-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10942-2b78b-2.html

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2026
Vulnerability Reserved
May 29, 2026

CVE-2026-10058 Data

JSON