CVE-2025-9143 MEDIUM

CVE-2025-9143: Scada-LTS mailing_lists.shtm cross site scripting

Vendor N/A

Product Scada-LTS

Weakness CWE-79 · XSS

Published August 19, 2025

Last update August 23, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Key dates

02Disclosure timeline

August 19, 2025 CVE published

August 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9143 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-2280 Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links CVE-2024-53709 WordPress Generic Elements plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability CVE-2026-47974 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-6058 LabVantage LIMS cross site scripting CVE-2025-31892 WordPress WP Crowdfunding plugin <= 2.1.15 - Cross Site Scripting (XSS) vulnerability