Skip to content
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Print Archive System v2015 release 2.6
Branch: master
Clone or download
Latest commit 383c8a8 May 7, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
CVE-2019-10685.txt Update CVE-2019-10685.txt May 6, 2019
LICENSE Initial commit Apr 2, 2019 Update May 7, 2019


The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the "TextField" parameter.

Exploit-DB publication at
PacketStorm publication at


2019-02-04: Discovered
2019-02-25: Retest PRO environment
2019-03-25: Retest on researcher's ecosystem
2019-04-02: Vendor notification
2019-04-03: Vendor feedback received
2019-04-08: Reminder sent
2019-04-08: 2nd reminder sent
2019-04-11: Internal communication
2019-04-26: No more feedback received from the vendor
2019-04-30: New issues found
2019-05-06: Public Disclosure

Heidelberg (Print Archive System v2015 release 2.6 Product) Patch and credits:



Alex Hernandez aka (@_alt3kx_)

My current exploit list @exploit-db:

CVE-2019-10685 with sexy screens here:

You can’t perform that action at this time.