PT-2025-54249 · Etap · Etap Safety Manager

Published: 2025-12-30 · Updated: 2026-01-07 · CVE-2022-50802

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ETAP Safety Manager version 1.0.0.32

Description

ETAP Safety Manager version 1.0.0.32 contains a cross-site scripting issue in the action GET parameter. This allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft requests that execute arbitrary scripts in a victim's browser session, potentially leading to credential theft or unauthorized actions. The vulnerable parameter is action.

Recommendations

Apply any available updates or patches for ETAP Safety Manager version 1.0.0.32. As a temporary workaround, consider restricting access to the vulnerable action GET parameter.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-50802

Affected Products

Etap Safety Manager