Security Advisory

CVE-2022-42908

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-03 00:00:00

Last updated 2025-03-26 15:55:55

Assigner INCIBE

State PUBLISHED

Description

WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.

← Browse all CVEs View on cve.org ↗