NVD

Id
32878  
Name
CVE-2014-5100  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-07-25  
Modified Date
2014-07-28  
Seq
2014-5100  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
172664 32878 CVE-2014-5100 http://omeka.org/blog/2014/07/16/omeka-2-2-1-security-update-released  View
172665 32878 CVE-2014-5100 http://omeka.org/codex/Release_Notes_for_2.2.1  View
172666 32878 CVE-2014-5100 http://packetstormsecurity.com/files/127523/Omeka-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html  View
172667 32878 CVE-2014-5100 34100  View
172668 32878 CVE-2014-5100 68707  View
172669 32878 CVE-2014-5100 http://www.zeroscience.mk/codes/omeka_csrfxss.txt  View
172670 32878 CVE-2014-5100 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5193.php  View
172671 32878 CVE-2014-5100 omeka-apikeylabel-xss(94689)  View
172672 32878 CVE-2014-5100 omeka-multiple-csrf(94690)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14703 JVNDB-2014-003578 Omeka におけるクロスサイトリクエストフォージェリの脆弱性 Omeka には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2014-5100 72389 CVE-2014-5100 32878 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003578.html 2014-07-16 2014-07-29 View