A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 11 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*:*

Mon, 25 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 Aug 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Scada-lts
Scada-lts scada-lts
Vendors & Products Scada-lts
Scada-lts scada-lts

Mon, 25 Aug 2025 03:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Title Scada-LTS Folder pointHierarchySLTS cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-25T16:40:58.638Z

Reserved: 2025-08-24T15:04:20.123Z

Link: CVE-2025-9404

cve-icon Vulnrichment

Updated: 2025-08-25T16:40:43.864Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-25T03:15:37.387

Modified: 2025-09-11T15:36:37.667

Link: CVE-2025-9404

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-25T09:11:18Z