Scada-LTS
cpe:2.3:a:scada-lts:scada-lts:*:*:*:*:*:*:*
- <= 2.7.8.1
A stored cross-site scripting vulnerability has been identified in Scada-LTS versions through 2.7.8.1. The issue resides in the view_edit.shtm file, where the Name parameter is not properly validated, allowing for the injection of malicious scripts. These scripts are stored on the server and executed in the browsers of users who access the affected data, creating a persistent threat.
Because the payload is stored, exploitation does not require the victim to follow a crafted link: the injected script executes in the browser context of any user who views the affected data. This can lead to session hijacking, credential theft, malware delivery, privilege escalation, data manipulation or defacement, and reputational damage.
To reproduce this vulnerability, log into the Scada-LTS application with an account that can create or edit graphical views. Navigate to the Graphical Views section and either add a new view or edit an existing one. In the Name field, insert a payload such as an image tag with an error event (e.g., an image source set to 'x' that triggers an alert). After saving the view, the injected script will execute when the user accesses the User Profile menu, confirming the presence of the stored XSS vulnerability.
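A defensive check for the condition described above, added here as an example and not Scada-LTS code: it audits stored view names for markup and shows the output encoding that keeps such a name inert when it is rendered. The function names and the sample names are assumptions constructed for illustration.

```python
import html
import re

# Tag-like sequence: '<' followed (optionally after '/' or spaces) by a letter.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")
# Inline event-handler attribute such as onerror= or onload=.
EVENT_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)
# Script-capable URI scheme.
SCHEME_RE = re.compile(r"\bjavascript\s*:", re.IGNORECASE)


def markup_findings(name: str) -> list[str]:
    """Return the reasons a stored name looks like markup rather than a label."""
    findings = []
    if TAG_RE.search(name):
        findings.append("html-tag")
    if EVENT_RE.search(name):
        findings.append("event-handler")
    if SCHEME_RE.search(name):
        findings.append("script-uri")
    return findings


def audit(names: list[str]) -> dict[str, list[str]]:
    """Map each suspicious name to its findings; clean names are omitted."""
    return {n: f for n in names if (f := markup_findings(n))}


def render_name(name: str) -> str:
    """Encode a stored name for an HTML text or attribute context."""
    return html.escape(name, quote=True)


# Constructed sample data, not taken from a real installation.
SAMPLE_NAMES = [
    "Boiler room overview",
    "Tank level < 50%",
    "Line 3 & Line 4",
    "<img src=x onerror=alert(1)>",
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_NAMES).items():
        # Print the encoded form so the report itself cannot carry live markup.
        print(f"SUSPICIOUS {findings}: {render_name(name)}")
```

Encoding at the point of output is the actual control; the audit only helps find names that were stored before a fix was in place.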