
    11 vulnerabilities by omeka

    CVE-2023-4560 (GCVE-0-2023-4560)

    Vulnerability from cvelistv5 – Published: 2023-08-28 00:00 – Updated: 2024-10-02 13:40
    VLAI
    Title
    Improper Authorization of Index Containing Sensitive Information in omeka/omeka-s
    Summary
    Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-612 - Improper Authorization of Index Containing Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    omeka omeka/omeka-s Affected: unspecified , < 4.0.4 (custom)
    omeka omeka_s Affected: 0 , < 4.0.4 (custom)
        cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:31:05.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/86f06e28-ed8d-4f96-b4ad-e47f2fe94ba6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/omeka-s/commit/b3d8871f22e50ff96a7070fd0be18a0df7b6cbe7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omeka_s",
                "vendor": "omeka",
                "versions": [
                  {
                    "lessThan": "4.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4560",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T13:40:06.654698Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T13:40:44.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "omeka/omeka-s",
              "vendor": "omeka",
              "versions": [
                {
                  "lessThan": "4.0.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-612",
                  "description": "CWE-612 Improper Authorization of Index Containing Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-28T00:00:20.331Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/86f06e28-ed8d-4f96-b4ad-e47f2fe94ba6"
            },
            {
              "url": "https://github.com/omeka/omeka-s/commit/b3d8871f22e50ff96a7070fd0be18a0df7b6cbe7"
            }
          ],
          "source": {
            "advisory": "86f06e28-ed8d-4f96-b4ad-e47f2fe94ba6",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Authorization of Index Containing Sensitive Information in omeka/omeka-s"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4560",
        "datePublished": "2023-08-28T00:00:20.331Z",
        "dateReserved": "2023-08-28T00:00:06.720Z",
        "dateUpdated": "2024-10-02T13:40:44.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4561 (GCVE-0-2023-4561)

    Vulnerability from cvelistv5 – Published: 2023-08-28 00:00 – Updated: 2024-10-02 13:39
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in omeka/omeka-s
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    omeka omeka/omeka-s Affected: unspecified , < 4.0.4 (custom)
    omeka omeka_s Affected: 0 , < 4.0.4 (custom)
        cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:31:06.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/d4302a0d-db62-4d76-93dd-e6e6473e057a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/omeka-s/commit/4482f4fc0f3a66c5ef058c4be9fabf3c29a105af"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omeka_s",
                "vendor": "omeka",
                "versions": [
                  {
                    "lessThan": "4.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4561",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T13:38:59.471236Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T13:39:43.593Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "omeka/omeka-s",
              "vendor": "omeka",
              "versions": [
                {
                  "lessThan": "4.0.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-28T00:00:19.860Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/d4302a0d-db62-4d76-93dd-e6e6473e057a"
            },
            {
              "url": "https://github.com/omeka/omeka-s/commit/4482f4fc0f3a66c5ef058c4be9fabf3c29a105af"
            }
          ],
          "source": {
            "advisory": "d4302a0d-db62-4d76-93dd-e6e6473e057a",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in omeka/omeka-s"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4561",
        "datePublished": "2023-08-28T00:00:19.860Z",
        "dateReserved": "2023-08-28T00:00:06.834Z",
        "dateUpdated": "2024-10-02T13:39:43.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4159 (GCVE-0-2023-4159)

    Vulnerability from cvelistv5 – Published: 2023-08-04 17:17 – Updated: 2024-10-09 19:14
    VLAI
    Title
    Unrestricted Upload of File with Dangerous Type in omeka/omeka-s
    Summary
    Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    omeka omeka/omeka-s Affected: unspecified , < 4.0.3 (custom)
    omeka omeka_s Affected: 0 , < 4.0.3 (custom)
        cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:11.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e2e2365e-6a5f-4ca4-9ef1-297e3ed41f9c"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omeka_s",
                "vendor": "omeka",
                "versions": [
                  {
                    "lessThan": "4.0.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4159",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:10:21.478456Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:14:28.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "omeka/omeka-s",
              "vendor": "omeka",
              "versions": [
                {
                  "lessThan": "4.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-04T17:17:21.972Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e2e2365e-6a5f-4ca4-9ef1-297e3ed41f9c"
            },
            {
              "url": "https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8"
            }
          ],
          "source": {
            "advisory": "e2e2365e-6a5f-4ca4-9ef1-297e3ed41f9c",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File with Dangerous Type in omeka/omeka-s"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4159",
        "datePublished": "2023-08-04T17:17:21.972Z",
        "dateReserved": "2023-08-04T17:17:17.765Z",
        "dateUpdated": "2024-10-09T19:14:28.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4158 (GCVE-0-2023-4158)

    Vulnerability from cvelistv5 – Published: 2023-08-04 17:16 – Updated: 2024-10-09 19:46
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in omeka/omeka-s
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    omeka omeka/omeka-s Affected: unspecified , < 4.0.3 (custom)
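    omeka omeka Affected: 0 , < 4.0.3 (custom)
        cpe:2.3:a:omeka:omeka:*:*:*:*:*:*:*:*
        Note: this row comes from the CISA-ADP container and names the product "omeka" (cpe:2.3:a:omeka:omeka), whereas the CNA row and the summary name omeka/omeka-s, and other records on this page use cpe:2.3:a:omeka:omeka_s for the same repository. When matching an inventory against this record, check both product names rather than relying on this CPE alone.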

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:12.139Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e0e462ae-d7cb-4a84-b6fe-5f5de20e3d15"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omeka:omeka:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omeka",
                "vendor": "omeka",
                "versions": [
                  {
                    "lessThan": "4.0.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4158",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:10:33.302301Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:46:08.007Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "omeka/omeka-s",
              "vendor": "omeka",
              "versions": [
                {
                  "lessThan": "4.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-04T17:16:44.572Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e0e462ae-d7cb-4a84-b6fe-5f5de20e3d15"
            },
            {
              "url": "https://github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8"
            }
          ],
          "source": {
            "advisory": "e0e462ae-d7cb-4a84-b6fe-5f5de20e3d15",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in omeka/omeka-s"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4158",
        "datePublished": "2023-08-04T17:16:44.572Z",
        "dateReserved": "2023-08-04T17:16:36.982Z",
        "dateUpdated": "2024-10-09T19:46:08.007Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4157 (GCVE-0-2023-4157)

    Vulnerability from cvelistv5 – Published: 2023-08-04 17:15 – Updated: 2024-10-09 19:46
    VLAI
    Title
    Improper Neutralization of Special Elements in Output Used by a Downstream Component in omeka/omeka-s
    Summary
    CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    omeka omeka/omeka-s Affected: unspecified , < 4.0.3 (custom)
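    omeka omeka Affected: 0 , < 4.0.3 (custom)
        cpe:2.3:a:omeka:omeka:*:*:*:*:*:*:*:*
        Note: this row comes from the CISA-ADP container and names the product "omeka" (cpe:2.3:a:omeka:omeka), whereas the CNA row and the summary name omeka/omeka-s, and other records on this page use cpe:2.3:a:omeka:omeka_s for the same repository. When matching an inventory against this record, check both product names rather than relying on this CPE alone.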

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:17:12.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/abc3521b-1238-4c4e-97f1-2957db670014"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/omeka-s/commit/8b72619d9731b32dd21ab6dcaa01ccc3bbf0db63"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omeka:omeka:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omeka",
                "vendor": "omeka",
                "versions": [
                  {
                    "lessThan": "4.0.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4157",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T19:10:51.698297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T19:46:42.648Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "omeka/omeka-s",
              "vendor": "omeka",
              "versions": [
                {
                  "lessThan": "4.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027) in GitHub repository omeka/omeka-s prior to version 4.0.3.\u003cbr\u003e"
                }
              ],
              "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027) in GitHub repository omeka/omeka-s prior to version 4.0.3.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-23T12:09:37.610Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/abc3521b-1238-4c4e-97f1-2957db670014"
            },
            {
              "url": "https://github.com/omeka/omeka-s/commit/8b72619d9731b32dd21ab6dcaa01ccc3bbf0db63"
            }
          ],
          "source": {
            "advisory": "abc3521b-1238-4c4e-97f1-2957db670014",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Neutralization of Special Elements in Output Used by a Downstream Component in omeka/omeka-s",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4157",
        "datePublished": "2023-08-04T17:15:29.215Z",
        "dateReserved": "2023-08-04T17:15:16.050Z",
        "dateUpdated": "2024-10-09T19:46:42.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3982 (GCVE-0-2023-3982)

    Vulnerability from cvelistv5 – Published: 2023-07-27 18:32 – Updated: 2024-10-15 15:25
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in omeka/omeka-s
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    omeka omeka/omeka-s Affected: unspecified , < 4.0.2 (custom)
    omeka omeka_s Affected: 0 , < 4.0.2 (custom)
        cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.725Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/e5e889ee-5947-4c2a-a72e-9c90e2e2a845"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/omeka-s/commit/27ff6575c88d970ce95e1d4096553a927e2003b9"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omeka_s",
                "vendor": "omeka",
                "versions": [
                  {
                    "lessThan": "4.0.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3982",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T14:37:14.965098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T15:25:30.103Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "omeka/omeka-s",
              "vendor": "omeka",
              "versions": [
                {
                  "lessThan": "4.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-27T18:32:45.355Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/e5e889ee-5947-4c2a-a72e-9c90e2e2a845"
            },
            {
              "url": "https://github.com/omeka/omeka-s/commit/27ff6575c88d970ce95e1d4096553a927e2003b9"
            }
          ],
          "source": {
            "advisory": "e5e889ee-5947-4c2a-a72e-9c90e2e2a845",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in omeka/omeka-s"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3982",
        "datePublished": "2023-07-27T18:32:45.355Z",
        "dateReserved": "2023-07-27T18:32:40.591Z",
        "dateUpdated": "2024-10-15T15:25:30.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3981 (GCVE-0-2023-3981)

    Vulnerability from cvelistv5 – Published: 2023-07-27 18:28 – Updated: 2024-10-15 15:28
    VLAI
    Title
    Server-Side Request Forgery (SSRF) in omeka/omeka-s
    Summary
    Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    omeka omeka/omeka-s Affected: unspecified , < 4.0.2 (custom)
    omeka omeka_s Affected: 0 , < 4.0.2 (custom)
        cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.797Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f5018226-0063-415d-9675-d7e30934ff78"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/omeka-s/commit/dc01ca1b03e845db8a6a6b665d8da36c8dcd2c31"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omeka_s",
                "vendor": "omeka",
                "versions": [
                  {
                    "lessThan": "4.0.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3981",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T14:37:39.553415Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T15:28:05.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "omeka/omeka-s",
              "vendor": "omeka",
              "versions": [
                {
                  "lessThan": "4.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-27T18:28:11.153Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f5018226-0063-415d-9675-d7e30934ff78"
            },
            {
              "url": "https://github.com/omeka/omeka-s/commit/dc01ca1b03e845db8a6a6b665d8da36c8dcd2c31"
            }
          ],
          "source": {
            "advisory": "f5018226-0063-415d-9675-d7e30934ff78",
            "discovery": "EXTERNAL"
          },
          "title": "Server-Side Request Forgery (SSRF) in omeka/omeka-s"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3981",
        "datePublished": "2023-07-27T18:28:11.153Z",
        "dateReserved": "2023-07-27T18:28:03.518Z",
        "dateUpdated": "2024-10-15T15:28:05.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-3980 (GCVE-0-2023-3980)

    Vulnerability from cvelistv5 – Published: 2023-07-27 18:26 – Updated: 2024-10-15 15:29
    VLAI
    Title
    Cross-site Scripting (XSS) - Stored in omeka/omeka-s
    Summary
    Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    omeka omeka/omeka-s Affected: unspecified , < 4.0.2 (custom)
    omeka omeka_s Affected: 0 , < 4.0.2 (custom)
        cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:08:50.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/6eb3cb9a-5c78-451f-ae76-0b1e62fe5e54"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/omeka-s/commit/c6833c0531a07bd914e9f85a61bbbc16e9b4c8df"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:omeka:omeka_s:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omeka_s",
                "vendor": "omeka",
                "versions": [
                  {
                    "lessThan": "4.0.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-3980",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T14:38:05.568165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T15:29:03.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "omeka/omeka-s",
              "vendor": "omeka",
              "versions": [
                {
                  "lessThan": "4.0.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-27T18:26:20.420Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/6eb3cb9a-5c78-451f-ae76-0b1e62fe5e54"
            },
            {
              "url": "https://github.com/omeka/omeka-s/commit/c6833c0531a07bd914e9f85a61bbbc16e9b4c8df"
            }
          ],
          "source": {
            "advisory": "6eb3cb9a-5c78-451f-ae76-0b1e62fe5e54",
            "discovery": "EXTERNAL"
          },
          "title": "Cross-site Scripting (XSS) - Stored in omeka/omeka-s"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-3980",
        "datePublished": "2023-07-27T18:26:20.420Z",
        "dateReserved": "2023-07-27T18:26:07.642Z",
        "dateUpdated": "2024-10-15T15:29:03.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-26799 (GCVE-0-2021-26799)

    Vulnerability from cvelistv5 – Published: 2021-07-23 10:39 – Updated: 2024-08-03 20:33
    VLAI
    Summary
    Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:33:41.289Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/Omeka/issues/935"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/Omeka/commit/08bfdf470e234edb68e5307a2fef8c899d89256c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic \u003c=2.7 allows remote attackers to inject arbitrary web script or HTML."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-23T10:39:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/omeka/Omeka/issues/935"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/omeka/Omeka/commit/08bfdf470e234edb68e5307a2fef8c899d89256c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-26799",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic \u003c=2.7 allows remote attackers to inject arbitrary web script or HTML."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/omeka/Omeka/issues/935",
                  "refsource": "MISC",
                  "url": "https://github.com/omeka/Omeka/issues/935"
                },
                {
                  "name": "https://github.com/omeka/Omeka/commit/08bfdf470e234edb68e5307a2fef8c899d89256c",
                  "refsource": "MISC",
                  "url": "https://github.com/omeka/Omeka/commit/08bfdf470e234edb68e5307a2fef8c899d89256c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-26799",
        "datePublished": "2021-07-23T10:39:50.000Z",
        "dateReserved": "2021-02-05T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:33:41.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-13423 (GCVE-0-2018-13423)

    Vulnerability from cvelistv5 – Published: 2018-07-07 17:00 – Updated: 2024-09-16 16:47
    VLAI
    Summary
    admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:00:35.168Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/omeka/Omeka/releases/tag/v2.6.1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-07T17:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/omeka/Omeka/releases/tag/v2.6.1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-13423",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221",
                  "refsource": "MISC",
                  "url": "https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221"
                },
                {
                  "name": "https://github.com/omeka/Omeka/releases/tag/v2.6.1",
                  "refsource": "MISC",
                  "url": "https://github.com/omeka/Omeka/releases/tag/v2.6.1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-13423",
        "datePublished": "2018-07-07T17:00:00.000Z",
        "dateReserved": "2018-07-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:47:51.688Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5100 (GCVE-0-2014-5100)

    Vulnerability from cvelistv5 – Published: 2014-07-25 19:00 – Updated: 2024-08-06 11:34
    VLAI
    Summary
    Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2014-07-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:34:37.304Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://omeka.org/codex/Release_Notes_for_2.2.1"
              },
              {
                "name": "omeka-apikeylabel-xss(94689)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94689"
              },
              {
                "name": "omeka-multiple-csrf(94690)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94690"
              },
              {
                "name": "68707",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68707"
              },
              {
                "name": "34100",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/34100"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/127523/Omeka-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zeroscience.mk/codes/omeka_csrfxss.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://omeka.org/blog/2014/07/16/omeka-2-2-1-security-update-released"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5193.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://omeka.org/codex/Release_Notes_for_2.2.1"
            },
            {
              "name": "omeka-apikeylabel-xss(94689)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94689"
            },
            {
              "name": "omeka-multiple-csrf(94690)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94690"
            },
            {
              "name": "68707",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68707"
            },
            {
              "name": "34100",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/34100"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/127523/Omeka-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zeroscience.mk/codes/omeka_csrfxss.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://omeka.org/blog/2014/07/16/omeka-2-2-1-security-update-released"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5193.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5100",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://omeka.org/codex/Release_Notes_for_2.2.1",
                  "refsource": "CONFIRM",
                  "url": "http://omeka.org/codex/Release_Notes_for_2.2.1"
                },
                {
                  "name": "omeka-apikeylabel-xss(94689)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94689"
                },
                {
                  "name": "omeka-multiple-csrf(94690)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94690"
                },
                {
                  "name": "68707",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68707"
                },
                {
                  "name": "34100",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/34100"
                },
                {
                  "name": "http://packetstormsecurity.com/files/127523/Omeka-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/127523/Omeka-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
                },
                {
                  "name": "http://www.zeroscience.mk/codes/omeka_csrfxss.txt",
                  "refsource": "MISC",
                  "url": "http://www.zeroscience.mk/codes/omeka_csrfxss.txt"
                },
                {
                  "name": "http://omeka.org/blog/2014/07/16/omeka-2-2-1-security-update-released",
                  "refsource": "CONFIRM",
                  "url": "http://omeka.org/blog/2014/07/16/omeka-2-2-1-security-update-released"
                },
                {
                  "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5193.php",
                  "refsource": "MISC",
                  "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5193.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5100",
        "datePublished": "2014-07-25T19:00:00.000Z",
        "dateReserved": "2014-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:34:37.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }