CVE-2025-7728
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-17

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-17
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2025-07-17
EPSS Evaluated
2026-05-05
NVD
CVE-2025-7728
EUVD
EUVD-2025-21754
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
scada-lts scada-lts to 2.7.8.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a cross-site scripting (XSS) issue found in Scada-LTS up to version 2.7.8.1. It occurs due to improper handling of the 'Username' argument in the users.shtm file, allowing an attacker to inject malicious scripts. The attack can be launched remotely and the exploit is publicly known. The vendor plans to fix it in version 2.8.0.


How can this vulnerability impact me? :

The vulnerability can allow an attacker to execute malicious scripts in the context of the affected application, potentially leading to unauthorized actions or data manipulation. Since it is a cross-site scripting issue, it may be used to steal user sessions, deface web content, or redirect users to malicious sites. The impact is limited to integrity and user interaction, with no direct confidentiality or availability impact reported.


What immediate steps should I take to mitigate this vulnerability?

Since the vulnerability is a cross site scripting issue in the users.shtm file of Scada-LTS up to version 2.7.8.1, immediate mitigation steps include restricting access to the affected application to trusted users only, applying input validation or sanitization if possible, and monitoring for suspicious activity. The vendor has confirmed a fix will be available in version 2.8.0, so plan to update to that version as soon as it is released.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart