CVE-2024-7901

LOW

Scada-LTS 2.7.8 - Cross-Site Scripting in Message Handler

Title source: llm
STIX 2.1

Description

A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024.

References (3)

Core 3
Core References
Permissions Required, Third Party Advisory, VDB Entry vdb-entry
https://vuldb.com/?id.274909
Permissions Required, Third Party Advisory, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.274909
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.387606

Scores

CVSS v3 3.5
EPSS 0.0034
EPSS Percentile 26.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
scada-lts/scada-lts 2.7.8
Published Aug 17, 2024
Tracked Since Feb 18, 2026