Vulnerability Description
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Etaplighting | Etap Safety Manager | 1.0.0.32 |
References
- https://cxsecurity.com/issue/WLB-2022090031 (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/235743 (Third Party Advisory)
- https://packetstormsecurity.com/files/168339/ (Third Party Advisory)
- https://www.etaplighting.com/ProductUS Government Resource
- https://www.vulncheck.com/advisories/etap-safety-manager-unauthenticated-reflect (Third Party Advisory)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php (Third Party Advisory)
FAQ
What is CVE-2022-50802?
CVE-2022-50802 is a vulnerability with a CVSS score of 6.1 (MEDIUM). ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can cr...
How severe is CVE-2022-50802?
CVE-2022-50802 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50802?
Check the references section above for vendor advisories and patch information. Affected products include: Etaplighting Etap Safety Manager.