Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:13 p.m.9 views

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

8.8CVSS7.9AI score0.03975EPSS
Exploits3References1
Packet Storm
Packet Storm
added 2021/08/31 12:0 a.m.283 views

BSCW Server XML Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version: BSCW Server...

0.1AI score0.03975EPSS
Exploits3
OSV
OSV
added 2021/08/30 5:15 a.m.10 views

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

8.8CVSS6.3AI score0.03975EPSS
Exploits3References3
Cvelist
Cvelist
added 2021/08/30 4:42 a.m.44 views

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution RCE via XML tag injection because reportlab\platypus\paraparser.py reached via bscw.cgi op=editfolder.EditFolder calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

9.2AI score0.03975EPSS
Exploits3References3
CVE
CVE
added 2021/08/30 4:42 a.m.75 views

CVE-2021-36359

CVE-2021-36359 affects OrbiTeam BSCW Classic/BSCW Server up to version 7.4.3. The vulnerability is an XML tag injection that leads to authenticated remote code execution when reportlab/platypus/paraparser.py evaluates attacker-supplied Python code via bscw.cgi op=_editfolder.EditFolder. Impact is...

8.8CVSS9AI score0.03975EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder