ETQ Reliance CG Reflected Cross-Site Scripting in `SQLConverterServlet`

July 22, 2025 invoker category_cve

CVE Details

Basic Information

Title	ETQ Reliance CG Reflected Cross-Site Scripting in `SQLConverterServlet`
Type	cve
Published	2025-07-22T12:35:57.509Z
Modified	2025-07-22T13:21:50.982Z

Product Information

Vendor	ETQ
Product	Reliance CG (legacy)
Version	*

CVSS Information

Base Score	5.1 (MEDIUM)
Attack Vector	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Products

ETQ Reliance CG (legacy) *

Additional Information

CWE List	CWE-79, CWE-116
Source	VulnCheck

Description

A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user’s context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.

References

View Full CVE Details