CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-42908

WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.4%

CVSS Severity

CVSS v3 Score 6.3

References

https://enrique.wtf/CVE-2022-42908
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-wepa-print-away
https://enrique.wtf/CVE-2022-42908
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-wepa-print-away

Products affected by CVE-2022-42908

Wepanow » Print Away » Version: N/A

cpe:2.3:a:wepanow:print_away:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42908

Products

Pricing

Contact Us