VYPR

IRISNext

by IRISNext

CVEs (2)

  • CVE-2022-26111HigApr 25, 2022
    risk 0.58cvss 8.8epss 0.04

    The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote…

  • CVE-2021-27930MedJul 6, 2021
    risk 0.35cvss 5.4epss 0.01

    Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers…