CVE-2014-5100
Omeka 2.2.1 prior to release is affected by multiple CSRF vulnerabilities that can hijack admin sessions. Exploitation vectors include: (1) adding a new super user via admin/users/add; (2) injecting XSS via the api_key_label parameter to admin/users/api-keys/1; and (3) disabling file validation v...