Scada-LTS Cross-Site Scripting Vulnerability in usersProfiles.shtm

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Scada-LTS versions through 2.7.8.1. The issue resides in the usersProfiles.shtm file, where the Username parameter can be manipulated to inject malicious scripts. The vulnerability is remotely exploitable and has been publicly disclosed, and a proof-of-concept exploit is available. Injected scripts are stored on the server and executed whenever the page is accessed, which can compromise user data and systems.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the affected page. This could lead to session hijacking, credential theft, and other malicious actions such as downloading malware or defacing websites.

Reproduction

To reproduce this vulnerability, register a payload in the userprofilename field at the usersProfiles.shtm endpoint. The cross-site scripting can then be triggered by opening the usersProfiles.shtm page.

Remediation

The vendor has confirmed that this vulnerability will be addressed in the upcoming release 2.8.0.
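
Until release 2.8.0 is installed, stored profile names can be audited for values that would not render as plain text. The following is an added example, not code from Scada-LTS or from the original advisory. It assumes the profile names have been exported to a list of strings and that legitimate names use only letters, digits, spaces, dots, underscores and hyphens; the function names and the sample names are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Assumption: legitimate profile names need only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9 ._-]{1,40}")
# Characters that change meaning when written into HTML without escaping.
HTML_ACTIVE = set("<>\"'&`")

def normalize(value, max_rounds=3):
    """Undo nested percent- and entity-encoding so the report shows hidden markup."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def audit_profile_names(names):
    """Return one finding per stored name that fails the allowlist."""
    findings = []
    for name in names:
        if SAFE_NAME.fullmatch(name):
            continue  # renders as plain text in any HTML context
        decoded = normalize(name)
        findings.append({
            "stored": name,
            "decoded": decoded,
            "active_chars": sorted(HTML_ACTIVE & set(decoded)),
            # What the page should emit for this value (HTML output encoding).
            "escaped": html.escape(name, quote=True),
        })
    return findings

# Constructed sample data, not taken from a real installation.
SAMPLE_NAMES = [
    "Operators",
    "night-shift_2",
    "<b>maintenance</b>",
    "viewers%3Ci%3E",
    "audit&amp;lt;u&amp;gt;",
]

if __name__ == "__main__":
    for finding in audit_profile_names(SAMPLE_NAMES):
        print(finding)
```

Any finding should be reviewed and the stored name corrected or removed; the "escaped" field shows the form in which the page would have to emit the value for it to display as text.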

Added: Jul 17, 2025, 2:17 AM
Updated: Jul 17, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 1.7
exploitability: 7.4
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.