CVE-2025-9145

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVE-2025-9143

A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailinglists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public a...

CVE-2025-9143

A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailinglists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public a...

CVE-2025-9144

A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisheredit.shtm. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be...

CVE-2025-9144

CVE-2025-9144 affects Scada-LTS 2.7.8.1, where manipulation of the Name argument in the file publisher_edit.shtm triggers cross-site scripting. The issue is exploitable remotely and public PoCs/exploits are available. Connected sources consistently identify an unknown code path in publisher_edit....

CVE-2025-9144 Scada-LTS publisher_edit.shtm cross site scripting

A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisheredit.shtm. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be...

CVE-2025-9144 Scada-LTS publisher_edit.shtm cross site scripting

A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisheredit.shtm. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be...

CVE-2025-9143

CVE-2025-9143 affects Scada-LTS 2.7.8.1, with a cross-site scripting flaw in mailing_lists.shtm triggered by manipulation of the parameters name/userList/address. The issue can be exploited remotely and an exploit has been released publicly; several connected sources corroborate remote exploitabi...

CVE-2025-9143 Scada-LTS mailing_lists.shtm cross site scripting

A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailinglists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public a...

CVE-2025-9138

A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Th...

CVE-2025-9138

A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Th...

CVE-2025-9139

A vulnerability was determined in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. The attack may be performed from a remote location. The explo...

CVE-2025-9137

A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduledevents.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-9137

A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduledevents.shtm. Such manipulation of the argument alias leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2025-9138 Scada-LTS new cross site scripting

A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Th...

CVE-2025-9137

CVE-2025-9137 affects Scada-LTS 2.7.8.1 and involves cross-site scripting via manipulation of the alias parameter in the scheduled_events.shtm file. The vulnerability is exploitable remotely; multiple sources describe an admin-permission requirement and note that an admin user can inject HTML/JS ...

Scada-LTS 代码注入漏洞

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A code injection vulnerability exists in Scada-LTS version 2.7.8.1, which stems from improper manipulation of the pointHierarchy/new/fileTitle parameter and could lead to a cross-site scripting attack...

Scada-LTS 代码注入漏洞

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A code injection vulnerability exists in Scada-LTS version 2.7.8.1, which stems from a cross-site scripting attack due to incorrect manipulation of the parameters name/userList/address in the file...

PT-2025-33741 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A security flaw exists in Scada-LTS 2.7.8.1 related to the mailing lists.shtm file. Manipulation of the name/userList/address argument can lead to cross-site scripting. This issue is potentially...

PT-2025-33722 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A cross-site scripting issue exists due to manipulation of the alias argument within the scheduled events.shtm file. The attack can be executed remotely. The vendor states that exploitation likely requir...