CVE-2022-40912

{"id": "CVE-2022-40912", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-09-28T14:15:11.007", "references": [{"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5711.php", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site."}, {"lang": "es", "value": "ETAP Lighting International NV ETAP Safety Manager versi\u00f3n 1.0.0.32, es vulnerable a un ataque de tipo Cross Site Scripting (XSS). La entrada que es pasada al par\u00e1metro GET \"action\" no es saneada apropiadamente antes de ser devuelta al usuario. Esto puede ser explotado para ejecutar c\u00f3digo HTML/JS arbitrario en la sesi\u00f3n del navegador de un usuario en el contexto de un sitio afectado"}], "lastModified": "2022-09-30T18:20:59.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:etaplighting:etap_safety_manager:1.0.0.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A054DD-4E7C-4591-8E6A-6882765EC694"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}