CVE-2022-42908

EUVD-2022-45965
WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
INCIBECNA
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
wepanowprint_away
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://enrique.wtf/CVE-2022-42908
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-wepa-print-away
https://enrique.wtf/CVE-2022-42908
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-wepa-print-away