Omeka : Security Vulnerabilities, CVEs,

CVE-2023-4561

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
Max CVSS
7.1
EPSS Score
0.05%
Published
2023-08-28
Updated
2023-08-29

CVE-2023-4560

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-08-28
Updated
2023-08-29

CVE-2023-4159

Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.
Max CVSS
9.9
EPSS Score
0.05%
Published
2023-08-04
Updated
2023-08-09

CVE-2023-4158

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.
Max CVSS
6.4
EPSS Score
0.05%
Published
2023-08-04
Updated
2023-08-08

CVE-2023-4157

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.
Max CVSS
5.2
EPSS Score
0.05%
Published
2023-08-04
Updated
2023-11-04

CVE-2023-3982

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-27
Updated
2023-08-03

CVE-2023-3981

Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-27
Updated
2023-08-03

CVE-2023-3980

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-27
Updated
2023-08-03

CVE-2021-26799

Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.
Max CVSS
6.1
EPSS Score
0.11%
Published
2021-07-23
Updated
2021-07-29

CVE-2018-13423

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.
Max CVSS
6.1
EPSS Score
0.06%
Published
2018-07-07
Updated
2018-08-27

CVE-2014-5100

Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
Max CVSS
6.8
EPSS Score
0.84%
Published
2014-07-25
Updated
2017-08-29
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close