Vulnerabilities > Eprints

DATE CVE VULNERABILITY TITLE RISK
2021-03-01 CVE-2021-3342 OS Command Injection vulnerability in Eprints 3.4.2
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI.
network
eprints CWE-78
6.8
6.8
2021-03-01 CVE-2021-26704 OS Command Injection vulnerability in Eprints 3.4.2
EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.
network
low complexity
eprints CWE-78
6.5
6.5
2021-03-01 CVE-2021-26703 XXE vulnerability in Eprints 3.4.2
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.
network
low complexity
eprints CWE-611
7.5
7.5
2021-03-01 CVE-2021-26702 Cross-site Scripting vulnerability in Eprints 3.4.2
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
network
eprints CWE-79
4.3
4.3
2021-03-01 CVE-2021-26476 OS Command Injection vulnerability in Eprints 3.4.2
EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.
network
low complexity
eprints CWE-78
7.5
7.5
2021-03-01 CVE-2021-26475 Cross-site Scripting vulnerability in Eprints 3.4.2
EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
network
eprints CWE-79
4.3
4.3