A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 11 Sep 2025 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:scada-lts:scada-lts:2.7.8.1:*:*:*:*:*:*:*

Wed, 27 Aug 2025 17:30:00 +0000


Wed, 27 Aug 2025 17:00:00 +0000


Thu, 21 Aug 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Scada-lts
Scada-lts scada-lts
Vendors & Products Scada-lts
Scada-lts scada-lts

Tue, 19 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 19 Aug 2025 15:45:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Title Scada-LTS SVG File view_edit.shtm cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-27T16:51:39.509Z

Reserved: 2025-08-19T07:22:48.740Z

Link: CVE-2025-9145

cve-icon Vulnrichment

Updated: 2025-08-19T16:10:06.371Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-19T16:15:29.470

Modified: 2025-09-11T13:54:47.647

Link: CVE-2025-9145

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-21T12:32:00Z