Lucene search
+L

79 matches found

Prion
Prion
added 2021/03/01 10:15 p.m.18 views

Cross site scripting

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/datasetdictionary URI...

4.3CVSS5.9AI score0.03072EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/03/01 10:15 p.m.18 views

Design/Logic Flaw

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...

7.5CVSS9.5AI score0.03057EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/03/01 10:15 p.m.18 views

Cross site scripting

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI...

4.3CVSS5.9AI score0.07326EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/01 9:2 p.m.17 views

CVE-2021-26704

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI...

9.2AI score0.03072EPSS
Exploits1References3
CVE
CVE
added 2021/03/01 9:2 p.m.42 views

CVE-2021-26704

CVE-2021-26704 affects EPrints 3.4.2. A remote command-injection vulnerability exists in the CGI toolbox verb parameter, allowing an attacker to execute arbitrary commands on the affected system. Exploitation details indicate remote access over the network with low complexity and no user interact...

8.8CVSS9AI score0.03072EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/03/01 9:2 p.m.16 views

CVE-2021-26703

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI...

9.7AI score0.04034EPSS
Exploits1References3
CVE
CVE
added 2021/03/01 9:2 p.m.41 views

CVE-2021-26703

EPrints 3.4.2 is affected by CVE-2021-26703. The vulnerability enables remote attackers to read arbitrary files and, in some reports, may allow executing commands by sending crafted JSON/XML input to the cgi/ajax/phrase URI. Multiple connected sources corroborate an arbitrary file read condition ...

9.8CVSS9.5AI score0.04034EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/03/01 9:1 p.m.19 views

CVE-2021-3342

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI...

9.7AI score0.04181EPSS
Exploits1References3
CVE
CVE
added 2021/03/01 9:1 p.m.52 views

CVE-2021-3342

CVE-2021-3342 affects EPrints 3.4.2 and allows remote attackers to read arbitrary files and potentially execute commands by supplying crafted LaTeX to the cgi/latex2png?latex= URI. The connected documents corroborate an arbitrary file read vulnerability in EPrints 3.4.2 with remote access via the...

9.8CVSS9.5AI score0.04181EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/03/01 9:1 p.m.91 views

CVE-2021-26475

CVE-2021-26475 affects EPrints 3.4.2 and describes a reflected cross-site scripting vulnerability exposed through the cgi/cal URI. The issue is a reflected XSS in the year parameter of the cgi/cal URI, allowing arbitrary JavaScript to be executed in the victim’s browser and potentially leading to...

6.1CVSS6.1AI score0.07326EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/01 9:1 p.m.24 views

CVE-2021-26475

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI...

6.1AI score0.07326EPSS
Exploits1References2
CVE
CVE
added 2021/03/01 9:1 p.m.47 views

CVE-2021-26476

CVE-2021-26476 affects EPrints 3.4.2, where a remote attacker can cause command injection by sending crafted LaTeX input to a cgi/cal?year= URI, enabling execution of OS commands. This is described as a remote, unauthenticated, network-based impact with partial confidentiality, integrity, and ava...

9.8CVSS9.6AI score0.03057EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/01 9:1 p.m.26 views

CVE-2021-26476

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...

9.8AI score0.03057EPSS
Exploits1References2
CVE
CVE
added 2021/03/01 9:1 p.m.69 views

CVE-2021-26702

EPrints 3.4.2 is affected by a Reflected Cross‑Site Scripting (XSS) vulnerability in the dataset parameter of the cgi/dataset_dictionary URI. The issue allows an attacker to inject JavaScript into the response, which could be executed in a victim’s browser, potentially leading to session hijackin...

6.1CVSS6.2AI score0.03072EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/01 9:1 p.m.32 views

CVE-2021-26702

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/datasetdictionary URI...

6.1AI score0.03072EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.5 views

EPrints 跨站脚本漏洞

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A reflected cross-site scripting vulnerability exists in the dataset parameter of the cgi/datasetdictionary URI in EPrints 3.4.2. No detailed vulnerability details are provide...

6.1CVSS5.1AI score0.03072EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.5 views

EPrints 安全漏洞

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A remote code execution vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering specially crafted data into the verb parameter in t...

8.8CVSS6.8AI score0.03072EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.5 views

EPrints 安全漏洞

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. An arbitrary file read vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering specially crafted JSON/XML into a cgi/ajax/phrase UR...

9.8CVSS6AI score0.04034EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.5 views

EPrints 安全漏洞

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. EPrints 3.4.2 suffers from a command injection vulnerability. A remote attacker can exploit this vulnerability by entering specially crafted data into cgi/cal?year= URI to...

9.8CVSS6AI score0.03057EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.7 views

EPrints 操作系统命令注入漏洞

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. An arbitrary file read vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering a specially crafted LaTeX into cgi/latex2png?latex=...

9.8CVSS6AI score0.04181EPSS
Exploits1References4
Rows per page
Query Builder