Scada-LTS
cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*
- <= 2.7.8.1
A stored cross-site scripting vulnerability has been identified in Scada-LTS versions through 2.7.8.1. The issue resides in the Virtual Data Source Property Handler, specifically within the 'data_source_edit.shtm' file. The vulnerability is triggered by manipulating the 'name' parameter, allowing for the injection of malicious scripts that are executed in the context of the user’s browser. This creates a persistent threat, as the injected scripts are stored on the server and executed automatically when the affected data source is accessed.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the data source. This can lead to session hijacking, credential theft, delivery of malware, privilege escalation, data manipulation or defacement, and damage to the application's reputation.
To reproduce this vulnerability, log into the Scada-LTS application with an account that can create or edit data sources. Navigate to the Data Sources section and either add a new data source or edit an existing one. In the Name field, insert a payload that includes a script, such as an image tag with an 'onerror' event. After saving, the injected script will execute immediately in the browser, confirming the vulnerability.
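A defensive sketch for the issue described above, added here and not taken from Scada-LTS or its fix: it HTML-encodes a data source name at output time and flags already-stored names that contain markup, because the page notes the injected value is kept on the server and runs whenever the data source is accessed. The function names, the detection pattern and the sample records are assumptions constructed for illustration.

```javascript
'use strict';
// Added example, not Scada-LTS code. All names below are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a stored value for use in HTML element content or a quoted
// attribute value. Apply at output time, on every page that renders the name.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Heuristic for names that look like markup: an opening or closing tag,
// an inline event-handler attribute, or a javascript: URL.
const MARKUP_PATTERN = /<\/?[a-z!]|\bon\w+\s*=|javascript:/i;

// Review records saved before output encoding was in place. Returns the
// ids that need manual cleanup, with a safely encoded form for the report.
function auditDataSourceNames(records) {
  return records
    .filter((r) => MARKUP_PATTERN.test(String(r.name)))
    .map((r) => ({ id: r.id, encoded: escapeHtml(r.name) }));
}

// Constructed sample records standing in for an export of data source names.
const SAMPLE = [
  { id: 1, name: 'Boiler room virtual DS' },
  { id: 2, name: '<img src=x onerror=alert(1)>' }, // image tag with onerror, as in the report
  { id: 3, name: 'Pump "A" & valve' },             // legitimate name, still needs encoding
];

console.log(auditDataSourceNames(SAMPLE));
```

Encoding on output covers every stored name, including legitimate ones with quotes or ampersands; the audit only narrows down which existing records to inspect and clean.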