CVE-2025-9388

Sažetak

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Reference

https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/CVE-2025-9388.md
https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/Stored_XSS_endpoint_watch_list.shtm_parameter_name.md#poc
https://vuldb.com/?ctiid.321221
https://vuldb.com/?id.321221
https://vuldb.com/?submit.630800
https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/CVE-2025-9388.md
https://vuldb.com/?submit.630800

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-09-2025 - 15:37

Objavljeno

24-08-2025 - 13:15