BSCW Classic vulnerabilities
2 known vulnerabilities affecting bscw/bscw_classic.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2021-36359 | P2 | HIGH | CVSS 8.8 | CWE-91 | fixed in 5.0.12 | ≥ 5.1.0, < 5.1.10 | +3 more | 2021-08-30
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
nvd
CVE-2021-39271 | P3 | HIGH | CVSS 8.8 | fixed in 5.0.12 | ≥ 5.1.0, < 5.1.10 | +3 more | 2021-08-30
OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3.
nvd