CVE-2022-50802
ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
ETAP Lighting International NV · ETAP Safety Manager
References
https://cxsecurity.com/issue/WLB-2022090031
https://exchange.xforce.ibmcloud.com/vulnerabilities/235743
https://packetstormsecurity.com/files/168339/
https://www.etaplighting.com/
https://www.vulncheck.com/advisories/etap-safety-manager-unauthenticated-reflected-cross-site-scripting-via-action-parameter
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php