Skip to main content

Omeka

6 CVEs product

Monthly

CVE-2023-3982 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3981 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Omeka
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-3980 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-26799 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Omeka
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2018-13423 MEDIUM PATCH This Month

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Omeka
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2014-5100 MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF Omeka
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
1.6%
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Omeka
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Omeka
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Omeka
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM POC PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

XSS CSRF Omeka
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy