PT-2022-25617 · Etap · Etap Safety Manager

Gjoko Krstic

·

Published

2022-09-28

·

Updated

2022-09-30

·

CVE-2022-40912

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ETAP Safety Manager version 1.0.0.32

Description

The issue is a reflected Cross-Site Scripting (XSS) vulnerability. The value of the action GET parameter is returned in the response without proper sanitization or output encoding. An attacker who gets a user to open a crafted URL can execute arbitrary HTML and JavaScript in that user's browser session in the context of the affected site.

Recommendations

At the time of publication no newer version of ETAP Safety Manager containing a fix was known. For version 1.0.0.32, restrict access to the functionality that accepts the action GET parameter to minimize the risk of exploitation, and, as a temporary workaround, avoid using the action parameter until a patch is available. The underlying fix is to encode the parameter value for its output context before it is returned to the browser.
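The following Python is an added, constructed illustration and not ETAP Safety Manager's code (the advisory does not describe the product's server-side implementation). It shows the pattern the description names, an `action` query parameter echoed into the response without output encoding, beside a hardened handler that encodes the value for its HTML and URL contexts, and the kind of probe check used to confirm that a parameter is reflected unencoded. The handler names, the page markup and the probe string are assumptions made for the demonstration.

```python
# Constructed example: reflected XSS sink on a GET parameter vs. its hardened
# form. Not the vendor's code; handler names, markup and probe are assumptions.
import html
from urllib.parse import parse_qs, quote, urlsplit

# Probe carrying every character that must be encoded in HTML text/attribute
# context. It is a benign canary, not an exploit payload.
PROBE = "<b>xss-probe</b>\"'"


def build_request(action_value: str) -> str:
    """Build the request URI a tester would send, percent-encoding the value."""
    return "/?action=" + quote(action_value, safe="")


def _action_param(request_uri: str) -> str:
    """Extract the decoded `action` GET parameter (empty string if absent)."""
    query = parse_qs(urlsplit(request_uri).query)
    return query.get("action", [""])[0]


def render_vulnerable(request_uri: str) -> str:
    """Echo the `action` parameter straight into the page (unsafe).

    The decoded value is interpolated into markup verbatim, so any markup it
    contains is interpreted by the browser: this is the sink the advisory
    describes.
    """
    action = _action_param(request_uri)
    return f"<html><body><p>Unknown action: {action}</p></body></html>"


def render_hardened(request_uri: str) -> str:
    """Same page, with the reflected value encoded for each output context."""
    action = _action_param(request_uri)
    # Element content and quoted attributes: html.escape(quote=True) encodes
    # & < > " and ' so the value can only ever render as text.
    html_safe = html.escape(action, quote=True)
    # URL (query string inside href): percent-encode instead, so the value
    # cannot break out of the parameter or introduce new URL syntax.
    url_safe = quote(action, safe="")
    return (
        "<html><body>"
        f"<p>Unknown action: {html_safe}</p>"
        f'<a href="/?action={url_safe}">retry</a>'
        "</body></html>"
    )


def reflects_unencoded(response_html: str, probe: str) -> bool:
    """True when the probe appears verbatim in the response, i.e. the
    parameter is reflected without encoding (the condition a tester flags)."""
    return probe in response_html


if __name__ == "__main__":
    uri = build_request(PROBE)
    print("vulnerable reflects unencoded:",
          reflects_unencoded(render_vulnerable(uri), PROBE))
    print("hardened reflects unencoded:  ",
          reflects_unencoded(render_hardened(uri), PROBE))
```

The check is deliberately simple: a verbatim match of the probe in the response body is enough to show the sink exists, while its absence in the hardened handler together with the presence of the encoded form (`&lt;b&gt;`) shows the value is still returned, just as inert text.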

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-40912

Affected Products

Etap Safety Manager