Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key...
6.6AI Score
0.008EPSS
admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.
6.1CVSS
5.9AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.
6.1CVSS
5.9AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
4.8CVSS
5AI Score
0.001EPSS
Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.
4.9CVSS
5.3AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
4.8CVSS
5AI Score
0.001EPSS
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.
5.2CVSS
5.1AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.
5.4CVSS
5.4AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.
8.8CVSS
8.7AI Score
0.001EPSS
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
6.5CVSS
6.4AI Score
0.001EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
4.8CVSS
5.1AI Score
0.001EPSS