Description

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions.

Related CPE's

a

etaplighting

etap_safety_manager

1.0.0.32

Vulnerable

References

https://cxsecurity.com/issue/WLB-2022090031

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/235743

Third Party Advisory

https://packetstormsecurity.com/files/168339/

Third Party Advisory

https://www.etaplighting.com/

ProductUS Government Resource

https://www.vulncheck.com/advisories/etap-safety-manager-unauthenticated-reflected-cross-site-scripting-via-action-parameter

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php

Third Party Advisory

https://cxsecurity.com/issue/WLB-2022090031

Third Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-12-30T23:15:47.647Z

3 weeks ago

Last modified

2026-01-07T22:02:42.960Z

2 weeks ago