Scada-LTS watch_list.shtm cross site scripting_CVE-2025-9388

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Basic Information

ID CVE-2025-9388

Source VulDB

Published Aug 24, 2025 at 12:32

Affected Product

Vendor n/a

Product Scada-LTS

Version 2.7.8.0

Affected Versions n/a Scada-LTS 2.7.8.0
n/a Scada-LTS 2.7.8.1

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.",
    "published": "2025-08-24T12:32:08.200Z",
    "modified": "2025-08-24T12:32:08.200Z",
    "type": "cve",
    "title": "Scada-LTS watch_list.shtm cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321221\nhttps://vuldb.com/?ctiid.321221\nhttps://vuldb.com/?submit.630800\nhttps://github.com/marcelomulder/CVE/blob/main/Scada-LTS/CVE-2025-9388.md\nhttps://github.com/marcelomulder/CVE/blob/main/Scada-LTS/Stored_XSS_endpoint_watch_list.shtm_parameter_name.md#poc",
    "id": "CVE-2025-9388",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "n/a Scada-LTS 2.7.8.0\nn/a Scada-LTS 2.7.8.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Scada-LTS",
    "version": "2.7.8.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}