CVE-2022-50802 MEDIUM

CVE-2022-50802: ETAP Safety Manager 1.0.0.32 Unauthenticated Reflected Cross-Site Scripting via Action Parameter

Vendor Etap Lighting International Nv
Product ETAP Safety Manager
Weakness CWE-79 · XSS
Published December 30, 2025
Last update May 24, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions.

Key dates

02Disclosure timeline

December 30, 2025 CVE published
May 24, 2026 Record updated

Related vulnerabilities

04Related CVE