| Title | Scada-LTS 2.7.8 (Last) Stored Cross-Site Scripting |
|---|---|
| Description | Hello team,
I found a Stored Cross-Site Scripting (XSS) vulnerability in the latest version of Scada-LTS.
Steps to Reproduce:
1. Go to "http://IP:8080/Scada-LTS/app.shtm#/alarms/scada".
2. Select and click on any "Message".
3. Insert the following payload in the Text Box: `"><img src=x onerror=alert(document.location)>`
4. Click on "ADD COMMENT".

The payload is successfully stored, resulting in a Stored XSS vulnerability.
Video (Don't share please):
https://youtu.be/dk0fFfUl444
|
| Source | ⚠️ https://github.com/SCADA-LTS/Scada-LTS |
| User | Stux (UID 40142) |
| Submission | 08/07/2024 08:46 PM (2 years ago) |
| Moderation | 08/16/2024 10:55 PM (9 days later) |
| Status | Accepted |
| VulDB entry | 274909 [Scada-LTS 2.7.8 Message Scada cross site scripting] |
| Points | 20 |