← Back

Omeka

omeka

11 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Omeka
omeka
6 CVEs
Omeka S
omeka_s
5 CVEs

CVEs (11)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-4561
1Omeka
1Omeka S
Nov 21, 2024
Aug 28, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
CVE-2023-4560
1Omeka
1Omeka S
Nov 21, 2024
Aug 28, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
CVE-2023-4159
1Omeka
1Omeka S
Nov 21, 2024
Aug 4, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.
CVE-2023-4158
1Omeka
1Omeka S
Nov 21, 2024
Aug 4, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.
CVE-2023-4157
1Omeka
1Omeka S
Nov 21, 2024
Aug 4, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.
CVE-2023-3982
1Omeka
1Omeka
Nov 21, 2024
Jul 27, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
CVE-2023-3981
1Omeka
1Omeka
Nov 21, 2024
Jul 27, 2023
N/A· v4
4.9 MEDIUM· v3
N/A· v2
Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.
CVE-2023-3980
1Omeka
1Omeka
Nov 21, 2024
Jul 27, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
CVE-2021-26799
1Omeka
1Omeka
Nov 21, 2024
Jul 23, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.
CVE-2018-13423
1Omeka
1Omeka
Nov 21, 2024
Jul 7, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.
CVE-2014-5100
1Omeka
1Omeka
May 6, 2026
Jul 25, 2014
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to a...Show more
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.Show less