WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-02-03T00:00:00
Updated: 2024-08-03T13:19:05.291Z
Reserved: 2022-10-13T00:00:00
Link: CVE-2022-42908
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-03T19:15:12.333
Modified: 2024-11-21T07:25:34.950
Link: CVE-2022-42908
Redhat
No data.