VYPR

EPrints

by EPrints

CVEs (6)

  • CVE-2021-26475Mar 1, 2021
    EPrints
    EPrints
    risk 0.04cvss epss 0.06

    EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.

  • CVE-2021-26703Mar 1, 2021
    EPrints
    EPrints
    risk 0.01cvss epss 0.04

    EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.

  • CVE-2021-26704Mar 1, 2021
    EPrints
    EPrints
    risk 0.00cvss epss 0.03

    EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.

  • CVE-2021-3342Mar 1, 2021
    EPrints
    EPrints
    risk 0.00cvss epss 0.04

    EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI.

  • CVE-2021-26476Mar 1, 2021
    EPrints
    EPrints
    risk 0.00cvss epss 0.03

    EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.

  • CVE-2021-26702Mar 1, 2021
    EPrints
    EPrints
    risk 0.00cvss epss 0.03

    EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.