CVE-2022-50802
ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
ETAP Lighting International NV · ETAP Safety Manager
References
https://cxsecurity.com/issue/WLB-2022090031
https://exchange.xforce.ibmcloud.com/vulnerabilities/235743
https://packetstormsecurity.com/files/168339/
https://www.etaplighting.com/
https://www.vulncheck.com/advisories/etap-safety-manager-unauthenticated-reflected-cross-site-scripting-via-action-parameter
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php