John Flatness

8 exploits, active since Jul 2018
CVE-2018-13423 MEDIUM WRITEUP
Omeka < 2.6.1 - XSS
admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.
CVSS 6.1
CVE-2021-26799 MEDIUM WRITEUP
Omeka < 2.7 - XSS
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.
CVSS 6.1
CVE-2023-3980 MEDIUM WRITEUP
Omeka < 4.0.2 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
CVSS 4.8
CVE-2023-4157 MEDIUM WRITEUP
Omeka S < 4.0.3 - Injection
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.
CVSS 5.2
CVE-2023-4158 MEDIUM WRITEUP
Omeka S < 4.0.3 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.
CVSS 5.4
CVE-2023-4159 HIGH WRITEUP
Omeka S < 4.0.3 - Unrestricted File Upload
Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.
CVSS 8.8
CVE-2023-4560 MEDIUM WRITEUP
GitHub omeka/omeka-s <4.0.4 - Info Disclosure
Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
CVSS 6.5
CVE-2023-4561 MEDIUM WRITEUP
omeka/omeka-s <4.0.4 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
CVSS 4.8