Scada Lts
Stored cross-site scripting (XSS) in Scada-LTS up to version 2.7.8.1 allows authenticated remote attackers to inject malicious scripts via the Username parameter in the usersProfiles.shtm file, with user interaction required to trigger payload execution. The vulnerability has a very low CVSS score (2.0) due to the authentication and user interaction requirements, but public exploit code is available, and the vendor has confirmed remediation in version 2.8.0.
Stored cross-site scripting (XSS) in Scada-LTS up to 2.7.8.1 allows authenticated users to inject malicious scripts via the Username parameter in the users.shtm file, enabling session hijacking or credential theft when administrators view affected user profiles. The vulnerability requires user interaction (clicking a malicious link) and authenticated access, resulting in low integrity impact. Public exploit code exists, though active exploitation has not been confirmed beyond disclosure. The vendor confirmed remediation in version 2.8.0.