ETQ Reliance CG Reflected Cross-Site Scripting in `SQLConverterServlet`_CVE-2025-34141

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.

Basic Information

ID CVE-2025-34141

Source VulnCheck

Published Jul 22, 2025 at 12:35

Modified Jul 22, 2025 at 13:21

Affected Product

Vendor ETQ

Product Reliance CG (legacy)

Version *

Affected Versions ETQ Reliance CG (legacy) *

CWE Classification

CWE-79 CWE-116

References

{
    "lastseen": "",
    "description": "A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.",
    "published": "2025-07-22T12:35:57.509Z",
    "modified": "2025-07-22T13:21:50.982Z",
    "type": "cve",
    "title": "ETQ Reliance CG Reflected Cross-Site Scripting in `SQLConverterServlet`",
    "source": "VulnCheck",
    "references": "https://www.etq.com/product-overview/\nhttps://www.etq.com/blog/etq-reliance-security-update/\nhttps://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/",
    "id": "CVE-2025-34141",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-116"
    ],
    "cvelist": null,
    "sourceData": "ETQ Reliance CG (legacy) *",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Reliance CG (legacy)",
    "version": "*",
    "vendor": "ETQ",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}