Skip to main content

Eprints

6 CVEs product

Monthly

CVE-2021-3342 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2021-26704 HIGH POC PATCH This Week

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-26703 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2021-26702 MEDIUM POC PATCH This Month

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Eprints
NVD GitHub
CVSS 3.1
6.1
EPSS
3.1%
CVE-2021-26476 CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-26475 MEDIUM POC PATCH This Month

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Eprints
NVD GitHub
CVSS 3.1
6.1
EPSS
7.3%
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Eprints
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC PATCH This Month

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Eprints
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Eprints
NVD GitHub
EPSS 7% CVSS 6.1
MEDIUM POC PATCH This Month

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Eprints
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy