Documentcloud: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
CVSS Score
4.3
EPSS Score
0.069
Published
2015-09-01
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.
CVSS Score
9.3
EPSS Score
0.015
Published
2013-04-25