A vulnerability classified as problematic has been found in Scada-LTS 2.7.8.1. It affects an unknown function of the file pointHierarchy/new/. Manipulating the argument Title results in cross-site scripting.

This vulnerability is reported as CVE-2025-9138. The attack can be carried out remotely, and an exploit exists.

The vendor explains: “[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities – the overall risk change to the user due to malicious admin actions will not be lower. An admin user – by definition – has full control over HTML and JS code that is delivered to users in regular synoptic panels. In other words – due to the design of the system it is not possible to limit the admin user to attack the users.”