Authenticated Stored XSS Vulnerability in Upload and Download Functionality

CVE-2022-40289 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

The application was vulnerable to authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which an attacker could leverage to escalate privileges or compromise any account they can coerce into viewing the targeted files.