PT-2025-37107 · Scada-Lts · Scada-Lts

0X5Ea3O1F · Published 2025-09-11 · Updated 2025-10-02 · CVE-2025-10235

CVSS v3.1: 4.8 Medium

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2
Description: A cross-site scripting flaw exists in the Reports Module of Scada-LTS. It affects unspecified processing in the file /reports.shtm, where manipulation of the Colour argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been published.
Recommendations: Update Scada-LTS to version 2.7.8.2 or later. As a temporary workaround, restrict access to the /reports.shtm file. Avoid using the Colour parameter in the affected Reports Module until the issue is resolved.

Exploit · Fix · XSS · Code Injection


Weakness Enumeration

Related Identifiers: CVE-2025-10235

Affected Products: Scada-Lts