Scada-LTS Stored Cross-Site Scripting Vulnerability in publisher_edit.shtm

A stored cross-site scripting vulnerability has been identified in Scada-LTS version 2.7.8.1. The issue resides in the publisher_edit.shtm file, specifically within the name parameter. This vulnerability allows remote attackers to inject malicious scripts that are stored on the server and executed automatically when the page is accessed by users.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page. This could lead to session hijacking, credential theft, delivery of malware, and defacement of websites, among other impacts.

Reproduction

To reproduce this vulnerability, access the publisher_edit.shtm endpoint. Insert a payload, such as an image tag with an onerror event, into the name parameter. In the URL field, enter any URL, such as 'http://test.com'. After saving the changes, the publishers.shtm page will be automatically triggered, executing the injected script.