Cross Site Scripting (XSS) vulnerability in ETAP Safety Manager 1.0.0.32

Cross Site Scripting (XSS) vulnerability in ETAP Safety Manager 1.0.0.32

CVE-2022-40912 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Learn more about our User Device Pen Test.