CVE-2025-10234

Sažetak

A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://medium.com/@warlleyfreire/stored-xss-in-scada-lts-data-point-edit-42c7383402f0
https://vuldb.com/?ctiid.323503
https://vuldb.com/?id.323503
https://vuldb.com/?submit.641896

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.4

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:M/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-09-2025 - 00:15

Objavljeno

11-09-2025 - 00:15