| Title | ScadaBR Scada-LTS 2.7.8.1 Stored XSS |
|---|---|
| Description | A vulnerability was found in Scada-LTS up to version 2.7.8.1. It has been classified as a cross-site scripting (XSS) issue. This vulnerability affects the Reports module (reports.shtm), specifically the Colour field in the Report Criteria section. An attacker with valid credentials can inject arbitrary HTML or JavaScript code into this field. The crafted input is stored in the report template configuration and executed whenever the template is opened or modified by any user. Successful exploitation results in persistent client-side code execution in the context of a victim’s browser session. This can lead to session hijacking, data theft, user interface manipulation, or further attacks against operators managing industrial processes. Given the SCADA/ICS environment in which Scada-LTS is deployed, this issue may enable adversaries to manipulate operator dashboards or conduct phishing-style attacks inside the control interface. |
| Source | https://medium.com/@warlleyfreire/stored-xss-in-scada-lts-reports-module-colour-field-4d7e6633d298 |
| User | 0x5ea3o1f (UID 89513) |
| Submission | 26/08/2025 05:45 PM (10 months ago) |
| Moderation | 10/09/2025 03:53 PM (15 days later) |
| Status | Accepted |
| VulDB entry | 323504 [Scada-LTS up to 2.7.8.1 Reports /reports.shtm Colour cross site scripting] |
| Points | 20 |