CVE-2022-50802
5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ETAP Lighting International NV | ETAP Safety Manager | 1.0.0.32 | affected |
Weaknesses
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php
- https://cxsecurity.com/issue/WLB-2022090031
References
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php
- https://packetstormsecurity.com/files/168339/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/235743
- https://cxsecurity.com/issue/WLB-2022090031
- https://www.etaplighting.com/
- https://www.vulncheck.com/advisories/etap-safety-manager-unauthenticated-reflected-cross-site-scripting-via-action-parameter
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.