Omeka
Monthly
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.