Omeka : Security Vulnerabilities, CVEs,
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
Max CVSS
7.1
EPSS Score
0.05%
Published
2023-08-28
Updated
2023-08-29
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-08-28
Updated
2023-08-29
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.
Max CVSS
9.9
EPSS Score
0.05%
Published
2023-08-04
Updated
2023-08-09
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.
Max CVSS
6.4
EPSS Score
0.05%
Published
2023-08-04
Updated
2023-08-08
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.
Max CVSS
5.2
EPSS Score
0.05%
Published
2023-08-04
Updated
2023-11-04
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-27
Updated
2023-08-03
Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-07-27
Updated
2023-08-03
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-27
Updated
2023-08-03
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.
Max CVSS
6.1
EPSS Score
0.11%
Published
2021-07-23
Updated
2021-07-29
admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.
Max CVSS
6.1
EPSS Score
0.06%
Published
2018-07-07
Updated
2018-08-27
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
Max CVSS
6.8
EPSS Score
0.84%
Published
2014-07-25
Updated
2017-08-29
11 vulnerabilities found