CVE-2022-50802

Опубликовано: 30 дек. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions.

Ссылки

https://cxsecurity.com/issue/WLB-2022090031
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/235743
Third Party Advisory
https://packetstormsecurity.com/files/168339/
Third Party Advisory
https://www.etaplighting.com/
Product
US Government Resource
https://www.vulncheck.com/advisories/etap-safety-manager-unauthenticated-reflected-cross-site-scripting-via-action-parameter
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php
Third Party Advisory
https://cxsecurity.com/issue/WLB-2022090031
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:etaplighting:etap_safety_manager:1.0.0.32:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00113

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-xpmj-f96f-w324