Vulnerability Description
A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.
Related Weaknesses (CWE)
References
- https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discov
- https://www.etq.com/blog/etq-reliance-security-update/
- https://www.etq.com/product-overview/
- https://www.vulncheck.com/advisories/etq-reliance-cg-reflected-xss-in-sqlconvert
FAQ
What is CVE-2025-34141?
CVE-2025-34141 is a documented vulnerability. A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as click...
How severe is CVE-2025-34141?
CVSS scoring is not yet available for CVE-2025-34141. Check NVD for updates.
Is there a patch for CVE-2025-34141?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.