제출 #633445: SCADA-LTS Scada-LTS 2.7.8.1 Cross Site Scripting정보

제목SCADA-LTS Scada-LTS 2.7.8.1 Cross Site Scripting
설명torage Cross-Site Scripting (XSS) in endpoint pointHIerarchySLTS parameter title Summary Stored Cross-Site Scripting (XSS) vulnerability was identified in the pointHIerarchySLTS endpoint. This vulnerability allows attackers to inject malicious scripts into the username parameter. The injected scripts are stored on the server and executed automatically whenever the page pointHIerarchySLTS is accessed by users, posing a significant security risk. Details Vulnerable Endpoint: pointHIerarchySLTS Parameter: title Payload: <img src=x onerror=alert('CVEHunters-PoC-XSS')> The application fails to properly validate and sanitize user inputs in the userprofilename parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. PoC Register the payload in the title field at the pointHIerarchySLTS endpoint. After that, the XSS can be triggered by opening the pointHIerarchySLTS page. https://github.com/CVE-Hunters/CVE/blob/main/images/xss020.png https://github.com/CVE-Hunters/CVE/blob/main/images/xss-021.png
원천⚠️ https://github.com/CVE-Hunters/CVE/blob/main/Scada-LTS/Stored%20XSS%20endpoint%20pointHierarchySLTS%20parameter%20title.md
사용자
 nmmorette (UID 87361)
제출2025. 08. 13. AM 03:34 (11 개월 ago)
모더레이션2025. 08. 24. PM 05:04 (12 days later)
상태수락
VulDB 항목321240 [Scada-LTS 까지 2.7.8.1 Folder /pointHierarchySLTS 제목 크로스 사이트 스크립팅]
포인트들20

Might our Artificial Intelligence support you?

Check our Alexa App!