CVE-2022-40289 Information

Description

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.

Reference

https://www.themissinglink.com.au/security-advisories/cve-2022-40289