CVE-2025-9145

Source
https://cve.org/CVERecord?id=CVE-2025-9145
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9145.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-9145
Published
2025-08-19T15:32:07.391Z
Modified
2026-07-08T08:12:20.717226147Z
Severity
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Scada-LTS SVG File view_edit.shtm cross site scripting
Details

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Database specific
{
    "cna_assigner": "VulDB",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "2.7.8.1"
                },
                {
                    "last_affected": "2.7.8.1"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-79",
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9145.json"
}
References

Affected packages

Git / github.com/scada-lts/scada-lts

Affected ranges

Type
GIT
Repo
https://github.com/scada-lts/scada-lts
Events
Database specific
{
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "2.7.8.1"
        },
        {
            "last_affected": "2.7.8.1"
        }
    ],
    "cpe": "cpe:2.3:a:scada-lts:scada-lts:2.7.8.1:*:*:*:*:*:*:*"
}

Affected versions

2.*
2.7.8.1
v2.*
v2.7.8.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-9145.json"