A vulnerability has been found in Portabilis i-Diario up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usàrio Page. Such manipulation of the argument nm_tipo leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE Database V5

Detailed information about CVE-2025-9236: SQL Injection in Portabilis i-Diario affecting Portabilis i-Diario. Get real-time updates, technical details, and miti

CVE-2025-9236: SQL Injection in Portabilis i-Diario - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9236: SQL Injection in Portabilis i-Diario

Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privilege and access data that the user do not have permission to view by altering the parameters of the search function.

Detailed information about CVE-2025-54551: External control of assumed-Immutable web parameter in FUJIFILM Healthcare Americas Corporation Synapse Mobility affe

CVE-2025-54551: External control of assumed-Immutable web parameter in FUJIFILM Healthcare Americas Corporation Synapse Mobility - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54551: External control of assumed-Immutable web parameter in FUJIFILM Healthcare Americas Corporation Synapse Mobility

A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used.

CVE-2025-9235 is a cross-site scripting (XSS) vulnerability identified in Scada-LTS versions up to 2.7.8.1. The vulnerability resides in an unspecified function within the file compound_events.shtm, where improper handling of the 'Name' argument allows an attacker to inject malicious scripts. This flaw can be exploited remotely without requiring authentication, although user interaction is necessary for the attack to succeed (e.g., a victim must visit a crafted URL or interact with malicious content). The vulnerability is classified as medium severity with a CVSS 4.0 base score of 5.1, reflecting its moderate impact and ease of exploitation. The attack vector is network-based (AV:N), with low attack complexity (AC:L), no privileges required (PR:L), and user interaction needed (UI:P). The impact primarily affects integrity and confidentiality to a limited extent, with no direct impact on availability. The vulnerability could allow attackers to execute arbitrary JavaScript in the context of the victim's browser session, potentially leading to session hijacking, unauthorized actions, or information disclosure within the Scada-LTS web interface. Although no known exploits are currently observed in the wild, the public availability of exploit code increases the risk of exploitation. Scada-LTS is an open-source SCADA system used for industrial control and monitoring, making this vulnerability particularly relevant to critical infrastructure environments.

Detailed information about CVE-2025-9235: Cross Site Scripting in Scada-LTS affecting null Scada-LTS. Get real-time updates, technical details, and mitigation s

CVE-2025-9235: Cross Site Scripting in Scada-LTS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9235: Cross Site Scripting in Scada-LTS

A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

CVE-2025-9234 is a cross-site scripting (XSS) vulnerability identified in Scada-LTS versions up to 2.7.8.1, specifically involving an unknown function within the file maintenance_events.shtm. The vulnerability arises from improper sanitization or validation of the 'Alias' argument, which an attacker can manipulate to inject malicious scripts. This flaw allows remote attackers to execute arbitrary JavaScript code in the context of the victim's browser when they access the affected web interface. The vulnerability does not require authentication (PR:L indicates low privileges, but no authentication needed), and user interaction is required (UI:P), meaning the victim must visit a crafted URL or interact with malicious content to trigger the exploit. The CVSS 4.0 base score is 5.1, categorized as medium severity, reflecting moderate impact on confidentiality and integrity with limited impact on availability. The attack vector is network-based (AV:N), and the exploit code is publicly available, increasing the risk of exploitation. Although no known exploits are currently observed in the wild, the public availability of the exploit code elevates the threat level. Scada-LTS is an open-source SCADA (Supervisory Control and Data Acquisition) system used for industrial control and monitoring, often deployed in critical infrastructure environments. XSS vulnerabilities in SCADA systems can lead to session hijacking, unauthorized command execution via the web interface, or phishing attacks targeting operators, potentially disrupting industrial processes or leaking sensitive operational data.

Detailed information about CVE-2025-9234: Cross Site Scripting in Scada-LTS affecting null Scada-LTS. Get real-time updates, technical details, and mitigation s

CVE-2025-9234: Cross Site Scripting in Scada-LTS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-9234: Cross Site Scripting in Scada-LTS

A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Detailed information about CVE-2025-9237: Cross Site Scripting in CodeAstro Ecommerce Website affecting CodeAstro Ecommerce Website. Get real-time updates, tech

CVE-2025-9237: Cross Site Scripting in CodeAstro Ecommerce Website

CVE-2025-9237: Cross Site Scripting in CodeAstro Ecommerce Website

Description

Technical Details

Related Threats

CVE-2025-9236: SQL Injection in Portabilis i-Diario

CVE-2025-54551: External control of assumed-Immutable web parameter in FUJIFILM Healthcare Americas Corporation Synapse Mobility

CVE-2025-9235: Cross Site Scripting in Scada-LTS

CVE-2025-9234: Cross Site Scripting in Scada-LTS

CVE-2025-46856: Cross-site Scripting (DOM-based XSS) (CWE-79) in Adobe Adobe Experience Manager

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility