Eprints

eprints

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-3342 1Eprints 1Eprints Nov 21, 2024 Mar 1, 2021 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI.
CVE-2021-26704 1Eprints 1Eprints Nov 21, 2024 Mar 1, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.
CVE-2021-26703 1Eprints 1Eprints Nov 21, 2024 Mar 1, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.
CVE-2021-26702 1Eprints 1Eprints Nov 21, 2024 Mar 1, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
CVE-2021-26476 1Eprints 1Eprints Nov 21, 2024 Mar 1, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.
CVE-2021-26475 1Eprints 1Eprints Nov 21, 2024 Mar 1, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.