← voltar
CVE-2025-34141

ETQ Reliance CG < SE.2025.1 Reflected XSS in `SQLConverterServlet`

CVSS 5.1 MEDIUMEPSS 1.9%CWE-116CWE-79
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Produtos afetados
ETQ · Reliance CG (legacy)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/https://www.etq.com/blog/etq-reliance-security-update/https://www.etq.com/product-overview/https://www.vulncheck.com/advisories/etq-reliance-cg-reflected-xss-in-sqlconverterservlet