A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.274909 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.274909 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?submit.387606 | Third Party Advisory VDB Entry |
Configurations
History
20 Aug 2024, 19:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://vuldb.com/?ctiid.274909 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.274909 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.387606 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:scada-lts:scada-lts:2.7.8:*:*:*:*:*:*:* | |
First Time |
Scada-lts scada-lts
Scada-lts |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 5.4 |
19 Aug 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability has been found in Scada-LTS 2.7.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/app.shtm#/alarms/Scada of the component Message Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: A fix is planned for the upcoming release at the end of September 2024. |
19 Aug 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Aug 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-17 21:15
Updated : 2024-08-20 19:32
NVD link : CVE-2024-7901
Mitre link : CVE-2024-7901
CVE.ORG link : CVE-2024-7901
JSON object : View
Products Affected
scada-lts
- scada-lts
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')