MEDIUM🇬🇧 English

CVE-2021-26799

CVSS 6.1v3.1pub. 2021-07-23upd. 2024-11-21

Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Omeka

    APP
    Omeka
    ≤ 2.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2023-3980MEDIUM4.8ten sam produkt

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.

CVE-2023-3981MEDIUM4.9ten sam produkt

Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.

CVE-2023-3982MEDIUM4.8ten sam produkt

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2.

CVE-2018-13423MEDIUM6.1ten sam produkt

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.

CVE-2014-5100MEDIUM6.8ten sam produkt

Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hij...