Vulnerabilities > Bscw

DATE	CVE	VULNERABILITY TITLE	RISK
2021-08-30	CVE-2021-36359	XML Injection (aka Blind XPath Injection) vulnerability in Bscw Classic OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. network low complexity bscw CWE-91	6.5
2021-08-30	CVE-2021-39271	Unspecified vulnerability in Bscw Classic OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. network low complexity bscw	6.5
2014-05-12	CVE-2014-2301	Information Exposure vulnerability in Bscw 5.0.7 OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive metadata via the inf operations (op=inf) to an object in pub/bscw.cgi/. network low complexity bscw CWE-200	5.0

Vulnerabilities > Bscw {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bscw"}]}