{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T03:20:34.737","vulnerabilities":[{"cve":{"id":"CVE-2022-50802","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-12-30T23:15:47.647","lastModified":"2026-01-07T22:02:42.960","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions."},{"lang":"es","value":"ETAP Safety Manager 1.0.0.32 contiene una vulnerabilidad de cross-site scripting en el parámetro GET 'action' que permite a atacantes no autenticados inyectar HTML y JavaScript maliciosos. Los atacantes pueden elaborar solicitudes especialmente formadas para ejecutar scripts arbitrarios en las sesiones del navegador de la víctima, potencialmente robando credenciales o realizando acciones no autorizadas."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:etaplighting:etap_safety_manager:1.0.0.32:*:*:*:*:*:*:*","matchCriteriaId":"37A054DD-4E7C-4591-8E6A-6882765EC694"}]}]}],"references":[{"url":"https://cxsecurity.com/issue/WLB-2022090031","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/235743","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://packetstormsecurity.com/files/168339/","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.etaplighting.com/","source":"disclosure@vulncheck.com","tags":["Product","US Government Resource"]},{"url":"https://www.vulncheck.com/advisories/etap-safety-manager-unauthenticated-reflected-cross-site-scripting-via-action-parameter","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://cxsecurity.com/issue/WLB-2022090031","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]}]}}]}