Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that 1 add a new super user account via a request to admin/users/add, 2 insert cross-site scripting XSS sequences via the apikeylabel...