EPrints
Products (2)
- 6 CVEs
- 1 CVE
Recent CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26475 | | | 0.04 | — | 0.06 | | Mar 1, 2021 | EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. |
| CVE-2021-26703 | | | 0.01 | — | 0.04 | | Mar 1, 2021 | EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. |
| CVE-2021-4304 | | | 0.00 | — | 0.02 | | Jan 5, 2023 | A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched… |
| CVE-2021-26704 | | | 0.00 | — | 0.03 | | Mar 1, 2021 | EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. |
| CVE-2021-3342 | | | 0.00 | — | 0.04 | | Mar 1, 2021 | EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. |
| CVE-2021-26476 | | | 0.00 | — | 0.03 | | Mar 1, 2021 | EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. |
| CVE-2021-26702 | | | 0.00 | — | 0.03 | | Mar 1, 2021 | EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. |