6.1CVSS
6.1AI Score
0.002EPSS
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.
9.8CVSS
9.6AI Score
0.013EPSS
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
6.1CVSS
6.2AI Score
0.002EPSS
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.
9.8CVSS
9.5AI Score
0.016EPSS
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.
8.8CVSS
9AI Score
0.008EPSS
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI.
9.8CVSS
9.5AI Score
0.012EPSS