Scada-LTS
cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*
- 2.7.8.1
A stored cross-site scripting vulnerability has been identified in Scada-LTS version 2.7.8.1, specifically within the mailing_lists.shtm file. This issue allows attackers to inject malicious scripts into the name, userList, and address parameters. The injected scripts are stored on the server and executed automatically when the affected page is accessed, posing a significant security risk.
Successful exploitation results in stored cross-site scripting: the injected scripts execute in the context of the user accessing the page. This can lead to session hijacking, credential theft, distribution of malware, and defacement of websites, among other risks.
To reproduce this vulnerability, access the mailing_lists.shtm endpoint and insert a payload, such as an image tag with an error event, into the 'Name' field. After saving, the payload will execute automatically. Alternatively, as an admin, add a test user with the same payload, which will also trigger the script execution. The same payload can be added to the 'Add address' field, where it will activate upon saving.
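The mitigation for the three affected parameters is to encode stored values when they are rendered and to validate addresses when they are saved. The following added example, which is not Scada-LTS source code, shows both steps plus an audit check for records that already contain markup; the record shape and the function names `escapeHtml`, `isPlausibleAddress`, `renderMailingList` and `findSuspectFields` are assumptions made for illustration.

```javascript
// Added example: hypothetical renderer and record shape, not Scada-LTS source code.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a stored value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-time check (assumption: 'Add address' entries are plain e-mail addresses).
function isPlausibleAddress(value) {
  return typeof value === "string" && value.length <= 254 &&
    /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/.test(value);
}

// Render one mailing list; every stored field is encoded on output.
function renderMailingList(list) {
  const entries = [...list.userList, ...list.addresses]
    .map((entry) => `<li>${escapeHtml(entry)}</li>`)
    .join("");
  return `<div class="mailing-list"><h3>${escapeHtml(list.name)}</h3><ul>${entries}</ul></div>`;
}

// Audit helper: name the fields of a stored record that already contain markup.
function findSuspectFields(list) {
  const fields = { name: [list.name], userList: list.userList, address: list.addresses };
  return Object.keys(fields).filter((key) =>
    fields[key].some((value) => /[<>]/.test(String(value))));
}

// Constructed sample record holding the kind of value the advisory describes.
const storedList = {
  name: "<img src=x onerror=alert(1)>",
  userList: ["<img src=x onerror=alert(1)>"],
  addresses: ["ops@example.com"],
};

console.log(renderMailingList(storedList));
console.log(findSuspectFields(storedList));
```

Encoding on output protects the page even when a malicious value is already stored, while the address check only stops new bad entries, so both are needed.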