Its Intelligent Scada System
Monthly
Stored Cross-Site Scripting in ITP Technology's ITS Intelligent SCADA System enables authenticated, high-privileged remote attackers to inject persistent JavaScript payloads that execute in the browsers of other users upon page load. The changed scope (S:C in CVSS) indicates the injected script breaks out of the attacker's session context and affects victim users browsing the same application, potentially enabling session hijacking, credential theft, or lateral movement within the SCADA management interface. No public exploit code has been identified at time of analysis, and no confirmed active exploitation is on record.
Stored Cross-Site Scripting in ITP Technology's ITS Intelligent SCADA System enables privileged remote attackers to inject persistent JavaScript payloads into the application that execute automatically in other users' browsers upon page load. Affected are all versions per CPE data (cpe:2.3:a:itp_technology:its_intelligent_scada_system:*:*:*:*:*:*:*:*), meaning the entire product line carries this exposure. This vulnerability is not confirmed actively exploited (CISA KEV), no public exploit code has been identified, and EPSS data was not provided in available intelligence.
Stored Cross-Site Scripting in ITP Technology's ITS Intelligent SCADA System enables authenticated, high-privileged remote attackers to inject persistent JavaScript payloads that execute in the browsers of other users upon page load. The changed scope (S:C in CVSS) indicates the injected script breaks out of the attacker's session context and affects victim users browsing the same application, potentially enabling session hijacking, credential theft, or lateral movement within the SCADA management interface. No public exploit code has been identified at time of analysis, and no confirmed active exploitation is on record.
Stored Cross-Site Scripting in ITP Technology's ITS Intelligent SCADA System enables privileged remote attackers to inject persistent JavaScript payloads into the application that execute automatically in other users' browsers upon page load. Affected are all versions per CPE data (cpe:2.3:a:itp_technology:its_intelligent_scada_system:*:*:*:*:*:*:*:*), meaning the entire product line carries this exposure. This vulnerability is not confirmed actively exploited (CISA KEV), no public exploit code has been identified, and EPSS data was not provided in available intelligence.