This exploit demonstrates a stored cross-site scripting (XSS) vulnerability in the Encore ENPS-2012 Print Server. It injects malicious JavaScript into the 'NDSContext' field via the RESTART.HTM endpoint, which is then executed when accessing NETWARE.HTM.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:Encore ENPS-2012 Print Server (Firmware: 6.03.39E 0008)
No auth needed
Prerequisites:Network access to the target device · Web interface of the print server must be accessible