79 matches found
Cross site scripting
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/datasetdictionary URI...
Design/Logic Flaw
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...
Cross site scripting
EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI...
CVE-2021-26704
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI...
CVE-2021-26704
CVE-2021-26704 affects EPrints 3.4.2. A remote command-injection vulnerability exists in the CGI toolbox verb parameter, allowing an attacker to execute arbitrary commands on the affected system. Exploitation details indicate remote access over the network with low complexity and no user interact...
CVE-2021-26703
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI...
CVE-2021-26703
EPrints 3.4.2 is affected by CVE-2021-26703. The vulnerability enables remote attackers to read arbitrary files and, in some reports, may allow executing commands by sending crafted JSON/XML input to the cgi/ajax/phrase URI. Multiple connected sources corroborate an arbitrary file read condition ...
CVE-2021-3342
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI...
CVE-2021-3342
CVE-2021-3342 affects EPrints 3.4.2 and allows remote attackers to read arbitrary files and potentially execute commands by supplying crafted LaTeX to the cgi/latex2png?latex= URI. The connected documents corroborate an arbitrary file read vulnerability in EPrints 3.4.2 with remote access via the...
CVE-2021-26475
CVE-2021-26475 affects EPrints 3.4.2 and describes a reflected cross-site scripting vulnerability exposed through the cgi/cal URI. The issue is a reflected XSS in the year parameter of the cgi/cal URI, allowing arbitrary JavaScript to be executed in the victim’s browser and potentially leading to...
CVE-2021-26475
EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI...
CVE-2021-26476
CVE-2021-26476 affects EPrints 3.4.2, where a remote attacker can cause command injection by sending crafted LaTeX input to a cgi/cal?year= URI, enabling execution of OS commands. This is described as a remote, unauthenticated, network-based impact with partial confidentiality, integrity, and ava...
CVE-2021-26476
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...
CVE-2021-26702
EPrints 3.4.2 is affected by a Reflected Cross‑Site Scripting (XSS) vulnerability in the dataset parameter of the cgi/dataset_dictionary URI. The issue allows an attacker to inject JavaScript into the response, which could be executed in a victim’s browser, potentially leading to session hijackin...
CVE-2021-26702
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/datasetdictionary URI...
EPrints 跨站脚本漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A reflected cross-site scripting vulnerability exists in the dataset parameter of the cgi/datasetdictionary URI in EPrints 3.4.2. No detailed vulnerability details are provide...
EPrints 安全漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A remote code execution vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering specially crafted data into the verb parameter in t...
EPrints 安全漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. An arbitrary file read vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering specially crafted JSON/XML into a cgi/ajax/phrase UR...
EPrints 安全漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. EPrints 3.4.2 suffers from a command injection vulnerability. A remote attacker can exploit this vulnerability by entering specially crafted data into cgi/cal?year= URI to...
EPrints 操作系统命令注入漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. An arbitrary file read vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering a specially crafted LaTeX into cgi/latex2png?latex=...