CVE-2025-9233

LOW

Scada-LTS < 2.7.8.1 - Stored Cross-Site Scripting via view_edit.shtm Name Parameter

Title source: llm
STIX 2.1

Description

A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.320766
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.320766
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.631118

Scores

CVSS v3 3.5
EPSS 0.0026
EPSS Percentile 17.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
scada-lts/scada-lts < 2.7.8.1
Published Aug 20, 2025
Tracked Since Feb 18, 2026