← Back to CVEs

CVE-2025-9233

LOW

3.5

Description

A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVE Details

CVSS v3.1 Score3.5

SeverityLOW

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionREQUIRED

Published8/20/2025

Last Modified4/29/2026

Sourcenvd

Honeypot Sightings0

Affected Products

scada-lts:scada-lts

Weaknesses (CWE)

CWE-79CWE-94

References

https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/CVE-2025-9233.md(cna@vuldb.com)

https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/Stored%20XSS%20endpoint%20view_edit.shtm%20parameter%20name.md#poc(cna@vuldb.com)

https://vuldb.com/?ctiid.320766(cna@vuldb.com)

https://vuldb.com/?id.320766(cna@vuldb.com)

https://vuldb.com/?submit.631118(cna@vuldb.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.