Súbít #630800: Scada-LTS 2.7.8.1 Cross Site Scripting (XSS) Storedbayani

KuraScada-LTS 2.7.8.1 Cross Site Scripting (XSS) Stored
Gaskiya# Cross-Site Scripting (XSS) Stored endpoint `watch_list.shtm` parameter `name` --- ## Summary A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `watch_list.shtm` endpoint of the _SCADA-LTS_ application. This vulnerability allows attackers to inject malicious scripts into the `name` parameter. The injected payload is stored on the server and executed automatically in the browser of any user who accesses the affected data source entry, creating a persistent attack vector. --- ## Details **Vulnerable Endpoint:** `POST /watch_list.shtm` **Parameter:** `name` The application does not properly validate or sanitize input in the `name` field. As a result, an attacker can inject JavaScript code, which is stored in the system and later rendered in the application’s interface, leading to automatic execution in the user's browser. --- ## PoC **Payload:** `<img src=x onerror=alert("Watchlist")>` ### Steps to Reproduce: 1. Log in to the _SCADA-LTS_ application with an account that has permission to create or edit Watchlists. 2. Navigate to the pencil button on the top right of the application to add/edit a watchlist . 3. ClickIn the **Name** field, insert the payload: `<img src=x onerror=alert("Watchlist")>` 4. Fill in any other required fields and click **Save**. ![[Pasted image 20250722183746.png]] 5. The stored payload is executed when the user access the User Profile menu immediately in the browser, confirming the Stored XSS vulnerability. ![[Pasted image 20250722190626.png]] --- ## Impact Stored XSS attacks can lead to severe consequences, including: - **Session hijacking:** Stealing cookies or authentication tokens to impersonate users - **Credential theft:** Capturing usernames and passwords through malicious scripts - **Malware delivery:** Distributing harmful code to application users - **Privilege escalation:** Compromising higher-privilege accounts via persistent scripts - **Data manipulation or defacement:** Altering displayed content in the application - **Reputation damage:** Eroding trust among system users and stakeholders
Manga⚠️ https://github.com/marcelomulder/CVE/blob/main/Scada-LTS/Stored_XSS_endpoint_watch_list.shtm_parameter_name.md
Màdùmga
 marceloQz (UID 87549)
Furta08/08/2025 15:44 (6 Wurɗi 전)
Gargajiya08/23/2025 17:18 (15 days later)
HalittaShingilam
VulDB gite321221 [Scada-LTS har 2.7.8.1 watch_list.shtm Sunu Cross Site Scripting]
Nganji20

GurɗoGumtiGada

Do you know our Splunk app?

Download it now for free!