Scada-LTS Message Scada cross site scripting

A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Scada-LTS 跨站脚本漏洞

Scada-LTS是Scada-LTS开源的一个开源、基于 web 的多平台解决方案。 Scada-LTS 2.7.8版本存在跨站脚本漏洞，该漏洞源于文件/Scada-LTS/app.shtm#/alarms/Scada的未知功能会导致跨站脚本。

N/A

N/A