CVE-2025-10235
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-11

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-11
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-09-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-10235
EUVD
EUVD-2025-27624
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
scada-lts scada-lts to 2.7.8.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-10235 is a stored cross-site scripting (XSS) vulnerability in the Scada-LTS platform up to version 2.7.8.1, specifically in the Reports module's Colour field. An authenticated attacker can inject malicious HTML or JavaScript code into this field, which is then stored and executed whenever the report template is opened or edited by any user. This leads to persistent client-side code execution within the victim's browser session, allowing attacks such as session hijacking, data theft, and manipulation of the user interface. [1, 2, 3]

Impact Analysis

Exploitation of this vulnerability can result in session hijacking, theft of sensitive data like CSRF tokens, user interface manipulation, and injection of rogue controls. In the context of SCADA/ICS environments, this can allow attackers to manipulate operator dashboards and interfere with industrial process monitoring and control, potentially leading to operational disruptions or unauthorized actions within critical infrastructure. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious scripts injected into the Colour field of the Reports module (reports.shtm) in Scada-LTS version 2.7.8.1. Since exploitation requires authenticated access, detection involves reviewing report templates for suspicious HTML or JavaScript code in the Colour field. A practical approach is to query the report configuration files or database entries where the Colour field is stored, looking for payloads such as <img src=x onerror=alert(1)>. Network detection could involve monitoring HTTP requests to /reports.shtm for unusual or suspicious input patterns in the Colour parameter. Specific commands depend on the system setup, but examples include using grep or similar tools to search for suspicious script tags in configuration files or database dumps. For example, on a Linux system, you might run: grep -r --include='*.htm' -i '<script' /path/to/scada-lts/config or grep -r 'onerror' /path/to/scada-lts/config. Additionally, monitoring web server logs for requests containing suspicious payloads targeting the Colour parameter can help detect exploitation attempts. [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include restricting access to the Reports module to trusted authenticated users only, as exploitation requires valid credentials. Avoid using or opening report templates that may contain malicious Colour field inputs. Implement input validation to restrict the Colour field to only accept strict patterns such as hexadecimal color codes (#RRGGBB) or known color names, rejecting all other inputs. Apply server-side encoding or escaping of user inputs using safe methods like JSP <c:out> tags instead of raw expressions. Avoid client-side usage of innerHTML for untrusted data; use textContent or sanitize inputs with libraries like DOMPurify. Additionally, implement Content Security Policy (CSP) headers to reduce the impact of any injected scripts. Since no official patch or vendor response is available, consider isolating or replacing the affected Scada-LTS version if possible. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10235. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart