CVE-2025-34141

A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.

CVSS

No CVSS.

References

Link	Resource
https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
https://www.etq.com/blog/etq-reliance-security-update/
https://www.etq.com/product-overview/

Configurations

No configuration.

History

25 Jul 2025, 15:29

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de cross-site scripting (XSS) reflejado en la plataforma ETQ Reliance CG (legacy) dentro del componente `SQLConverterServlet`. Esta vulnerabilidad requiere la interacción del usuario, como hacer clic en un enlace manipulado, y puede provocar la ejecución de scripts no autorizados en su contexto. El servlet afectado se expuso innecesariamente a usuarios autenticados y se ha deshabilitado en la versión SE.2025.1.

22 Jul 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-22 13:15

Updated : 2025-07-25 15:29

NVD link : CVE-2025-34141

Mitre link : CVE-2025-34141

CVE.ORG link : CVE-2025-34141

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2025-34141", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-22T13:15:24.827", "references": [{"url": "https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.etq.com/blog/etq-reliance-security-update/", "source": "disclosure@vulncheck.com"}, {"url": "https://www.etq.com/product-overview/", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site scripting (XSS) reflejado en la plataforma ETQ Reliance CG (legacy) dentro del componente `SQLConverterServlet`. Esta vulnerabilidad requiere la interacci\u00f3n del usuario, como hacer clic en un enlace manipulado, y puede provocar la ejecuci\u00f3n de scripts no autorizados en su contexto. El servlet afectado se expuso innecesariamente a usuarios autenticados y se ha deshabilitado en la versi\u00f3n SE.2025.1."}], "lastModified": "2025-07-25T15:29:44.523", "sourceIdentifier": "disclosure@vulncheck.com"}