CVE-2025-9234 MEDIUM

CVE-2025-9234: Scada-LTS maintenance_events.shtm cross site scripting

Vendor N/A

Product Scada-LTS

Weakness CWE-79 · XSS

Published August 20, 2025

Last update August 20, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

Key dates

02Disclosure timeline

August 20, 2025 CVE published

August 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9234 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-20143 Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities CVE-2024-47622 WordPress Advanced Woo Labels plugin <= 2.01 - Cross Site Scripting (XSS) vulnerability CVE-2023-48599 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-50515 WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability CVE-2025-9682 O2OA Personal Profile appdict cross site scripting

Identifiers

CVE CVE-2025-9234

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions

Vendor N/A

Product Scada-LTS

Affected 2.7.8.0

Vendor N/A

Product Scada-LTS

Affected 2.7.8.1