WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.
References
Link | Resource |
---|---|
https://enrique.wtf/CVE-2022-42908 | Third Party Advisory |
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-wepa-print-away | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-02-03T00:00:00
Updated: 2023-02-03T00:00:00
Reserved: 2022-10-13T00:00:00
Link: CVE-2022-42908
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-03T19:15:12.333
Modified: 2023-02-10T17:34:39.233
Link: CVE-2022-42908
JSON object: View
Redhat Information
No data.
CWE