WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-02-03T00:00:00

Updated: 2024-08-03T13:19:05.291Z

Reserved: 2022-10-13T00:00:00

Link: CVE-2022-42908

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-03T19:15:12.333

Modified: 2024-11-21T07:25:34.950

Link: CVE-2022-42908

cve-icon Redhat

No data.