CVE-2022-50802

6.1 MEDIUM

📋 TL;DR

ETAP Safety Manager 1.0.0.32 contains an unauthenticated reflected cross-site scripting vulnerability in the 'action' GET parameter. Attackers can craft malicious URLs that execute arbitrary JavaScript in victim browsers when visited, potentially stealing session cookies or performing unauthorized actions. This affects all users accessing vulnerable ETAP Safety Manager instances.

💻 Affected Systems

Products:
  • ETAP Safety Manager
Versions: 1.0.0.32
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation and requires no special configuration to be exploitable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal administrator credentials, gain full control of the safety management system, manipulate safety-critical data, or redirect users to malicious sites.

🟠 Likely Case

Session hijacking, credential theft from users who click malicious links, or defacement of the application interface.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, though some risk remains from social engineering attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires victims to click malicious links but requires no authentication to the target system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.etaplighting.com/

Restart Required: No

Instructions:

Contact ETAP Lighting for patch availability. If unavailable, implement workarounds immediately.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Deploy WAF rules to block malicious 'action' parameter values containing script tags or JavaScript.

Input Validation Filter

all

Implement server-side validation to sanitize the 'action' parameter before processing.

🧯 If You Can't Patch

  • Isolate the ETAP Safety Manager system from internet access and restrict access to the internal network only.
  • Train users not to click untrusted links that point to the application.

🔍 How to Verify

Check if Vulnerable:

Test by accessing the application with a crafted URL containing a harmless payload like: http://target/etap/?action=<script>alert('test')</script>

Check Version:

Check the application interface or installation directory for version information; the affected version is 1.0.0.32.

Verify Fix Applied:

Verify the fix by testing the same payload and confirming it does not execute in the browser.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with suspicious 'action' parameter values containing script tags or JavaScript code

Network Indicators:

  • Unusual GET requests to the ETAP Safety Manager with encoded script payloads in parameters

SIEM Query:

source="web_logs" AND uri="*etap*" AND query="*action=*script*"
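
The log indicator above, as an added detection example that is not part of the original advisory or of any ETAP tooling: it parses the 'action' parameter out of each request, undoes layered URL-encoding, and flags values that contain markup, so a request that merely has "script" in another parameter is not reported. It assumes Apache/nginx combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructs that have no place in a legitimate 'action' value.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z!]"    # start of an HTML tag: <script, </div, <!--
    r"|javascript\s*:"    # javascript: URI scheme
    r"|\bon[a-z]+\s*=",   # inline event handler such as onerror=
    re.IGNORECASE,
)
# Assumption: Apache/nginx "combined" access-log format.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo layered URL-encoding (%253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_action(request_target):
    """Return the decoded 'action' value if it carries markup, else None."""
    query = urlsplit(request_target).query
    for raw in parse_qs(query, keep_blank_values=True).get("action", []):
        value = decode_fully(raw)
        if SUSPICIOUS.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_action) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        value = suspicious_action(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /etap/?action=login HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:07 +0000] "GET /etap/?action=%3Cscript%3Ealert('test')%3C/script%3E HTTP/1.1" 200 640
10.0.0.9 - - [01/Jan/2025:10:00:09 +0000] "GET /etap/?action=%253Cscript%253Ealert(%2527test%2527)%253C%252Fscript%253E HTTP/1.1" 200 640
10.0.0.7 - - [01/Jan/2025:10:01:30 +0000] "GET /etap/?action=view&note=script HTTP/1.1" 200 498
""".splitlines()

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: action={value!r}")
```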
