ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter βactionβ is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a userβs browser session in context of an affected site.