John Flatness

CVE-2018-13423 WRITEUP MEDIUM WRITEUP

Omeka < 2.6.1 - Stored Cross-Site Scripting via Tag Editing

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.

CVSS 6.1

View Code

CVE-2021-26799 WRITEUP MEDIUM WRITEUP

Omeka < 2.7 - Cross-Site Scripting in admin/files/edit

Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.

CVSS 6.1

View Code

CVE-2023-3980 WRITEUP MEDIUM WRITEUP

Omeka < 4.0.2 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.

CVSS 4.8

View Code

CVE-2023-4157 WRITEUP MEDIUM WRITEUP

Omeka S < 4.0.3 - Injection

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.

CVSS 5.2

View Code

CVE-2023-4158 WRITEUP MEDIUM WRITEUP

Omeka S < 4.0.3 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.

CVSS 5.4

View Code

CVE-2023-4159 WRITEUP HIGH WRITEUP

Omeka S < 4.0.3 - Unrestricted Upload of File with Dangerous Type

Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.

CVSS 8.8

View Code

CVE-2023-4560 WRITEUP MEDIUM WRITEUP

GitHub omeka/omeka-s <4.0.4 - Info Disclosure

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.

CVSS 6.5

View Code

CVE-2023-4561 WRITEUP MEDIUM WRITEUP

Omeka S < 4.0.4 - Stored Cross-Site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.

CVSS 4.8

View Code