CVE-2022-42908

Description

WEPA Print Away is vulnerable to stored XSS. It does not properly sanitize uploaded filenames, so an attacker can deceive a user into uploading a document with a malicious filename. That filename is then included in subsequent HTTP responses, resulting in a stored XSS. This attack is persistent across victim sessions.

Remediation

Solution:

  • The vulnerability has already been fixed by the WEPA security team.

CVSS 3.1: 6.3
Severity: Medium
EPSS: 0.08%
Affected: WEPA Wepa Print Away

References

  • Third-Party Advisory: enrique.wtf
  • Third-Party Advisory: incibe-cert.es

Frequently Asked Questions

What is the severity of CVE-2022-42908?
CVE-2022-42908 has been scored as a medium severity vulnerability.
How to fix CVE-2022-42908?
To fix CVE-2022-42908: The vulnerability has already been fixed by the WEPA security team.
Is CVE-2022-42908 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2022-42908 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-42908?
CVE-2022-42908 affects WEPA Wepa Print Away.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.