CVE-2025-9233 MEDIUM

CVE-2025-9233: Scada-LTS view_edit.shtm cross site scripting

Vendor N/A

Product Scada-LTS

Weakness CWE-79 · XSS

Published August 20, 2025

Last update August 20, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security vulnerability has been detected in Scada-LTS up to 2.7.8.1. Impacted is an unknown function of the file view_edit.shtm. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Key dates

02Disclosure timeline

August 20, 2025 CVE published

August 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9233 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-49955 WordPress WP Smart Flexslider Plugin <= 2.5 - Cross Site Scripting (XSS) Vulnerability CVE-2023-3969 GZ Scripts Availability Booking Calendar PHP HTTP POST Request index.php cross site scripting CVE-2023-48467 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2023-0695 Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode CVE-2025-31557 WordPress OSM plugin <= 6.1.13 - Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2025-9233

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions

Vendor N/A

Product Scada-LTS

Affected 2.7.8.0

Vendor N/A

Product Scada-LTS

Affected 2.7.8.1