ETAP Safety Manager Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting (XSS) vulnerability has been identified in ETAP Safety Manager version 1.0.0.32. The issue resides in the 'action' GET parameter, whose value is echoed back in the response without proper sanitization. This flaw allows unauthenticated attackers to inject HTML and JavaScript that executes in the context of the victim's browser session on the affected site, which could be used to steal cookies or authentication credentials from that user.

Impact

Exploitation of this vulnerability allows for remote, unauthenticated cross-site scripting, where injected scripts are executed in the context of the user's browser session.

Reproduction

To reproduce this vulnerability, send a request to 'authenticate.php' with a crafted 'action' parameter that includes the malicious script. The lack of proper input sanitization will allow the script to execute in the victim's browser.
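A defender-side check for the parameter described above, added here as an example that is not part of the advisory or of ETAP's own code: it scans web-server access logs for requests to authenticate.php whose 'action' value carries HTML or script markup, decoding nested percent-encoding so double-encoded attempts are not missed. The combined log format and the sample lines are constructed assumptions; the product's real log layout may differ.

```python
"""Flag access-log requests that send markup in the 'action' parameter of
authenticate.php (the reflected-XSS sink named in the advisory).
Added example; the log format and sample lines are constructed assumptions."""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx combined format: client - - [timestamp] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Markup that has no business in a value the server echoes into HTML
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=', re.I)

def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly so %253C (double-encoded '<') is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_action(target: str) -> Optional[str]:
    """Return the decoded 'action' value if the request hits authenticate.php with markup."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith('/authenticate.php'):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get('action', []):
        value = decode_fully(raw)  # parse_qs already decoded one layer
        if MARKUP_RE.search(value):
            return value
    return None

def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client ip, timestamp, decoded action) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (value := suspicious_action(m['target'])) is not None:
            hits.append((m['ip'], m['ts'], value))
    return hits

# Constructed sample lines with documentation-range IPs, not real traffic
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Dec/2025:23:31:00 +0000] "GET /authenticate.php?action=login HTTP/1.1" 200 512',
    '203.0.113.9 - - [30/Dec/2025:23:31:05 +0000] "GET /authenticate.php?action=%3Cscript%3Etest%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [30/Dec/2025:23:31:09 +0000] "GET /authenticate.php?action=%253Cimg%2520src%253Dx%2520onerror%253Dtest%253E HTTP/1.1" 200 640',
    '198.51.100.4 - - [30/Dec/2025:23:32:00 +0000] "GET /index.php?action=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == '__main__':
    for ip, ts, action in scan_log(SAMPLE_LOG):
        print(f'{ts} {ip} action={action!r}')
```

Only the advisory's endpoint is matched so the alert stays specific; widen the path test if you want the same check on every script that reflects 'action'.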

Added: Dec 30, 2025, 11:31 PM
Updated: Dec 30, 2025, 11:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.4
exploitability: 7.4
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.