CVE-2025-34141

MEDIUM EXPLOITED NUCLEI

ETQ Reliance CG - XSS

Title source: llm

Description

A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platform within the `SQLConverterServlet` component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The affected servlet was unnecessarily exposed to authenticated users and has since been disabled in version SE.2025.1.

Nuclei Templates (1)

ETQ Reliance - Reflected XSS via SQLConverterServlet

MEDIUMVERIFIEDby slcyber,pdresearch

Shodan: html:"ETQ Reliance"

FOFA: body="ETQ Reliance"

References (4)

[Various Sources] https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/

[Various Sources] https://www.etq.com/blog/etq-reliance-security-update/

[Various Sources] https://www.etq.com/product-overview/

[Third Party Advisory] https://www.vulncheck.com/advisories/etq-reliance-cg-reflected-xss-in-sqlconverterservlet

Scores

CVSS v4 5.1

EPSS 0.0086

EPSS Percentile 75.2%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Details

VulnCheck KEV 2025-07-31

CWE

CWE-116 CWE-79

Status published

Products (1)

ETQ/Reliance CG (legacy) < SE.2025.1

Published Jul 22, 2025

Tracked Since Feb 18, 2026