Scada-LTS Cross-Site Scripting Vulnerability in Watch List Endpoint

A stored cross-site scripting vulnerability has been identified in the Scada-LTS application, affecting versions through 2.7.8.1. The issue arises in the watch_list.shtm endpoint, where the name parameter is not properly validated, allowing for the injection of malicious scripts. These scripts are stored on the server and executed in the browsers of users who access the affected data, creating a persistent threat.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the data. This can lead to session hijacking, credential theft, delivery of malware, privilege escalation, data manipulation or defacement, and damage to the application's reputation.

Reproduction

To reproduce this vulnerability, log into the Scada-LTS application with an account that can create or edit watchlists. Navigate to the watchlist management area and enter a payload, such as an image tag with an error event, into the name field. After saving, the injected script will execute when the user profile is accessed, confirming the presence of the stored XSS vulnerability.