PT-2022-25536 · Opswat · Opswat Metadefender Icap Server

Published: 2022-09-19 · Updated: 2022-09-21 · CVE-2022-40778

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: OPSWAT MetaDefender ICAP Server versions prior to 4.13.0

Description: A stored Cross-Site Scripting (XSS) issue allows attackers to execute arbitrary JavaScript or HTML via the blocked page response. This enables attackers to potentially inject malicious code into the system.

Recommendations: For versions prior to 4.13.0, update to version 4.13.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the blocked page response feature until a patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-40778

Affected Products: Opswat Metadefender Icap Server