The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: TML

Published: 2022-10-31T20:07:42.527702Z

Updated: 2024-08-03T12:14:39.950Z

Reserved: 2022-09-08T00:00:00

Link: CVE-2022-40289

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-10-31T21:15:12.850

Modified: 2024-11-21T07:21:12.033

Link: CVE-2022-40289

cve-icon Redhat

No data.