CVE-2023-4158— Cross-site Scripting (XSS) - Stored in omeka/omeka-s

EPSS 0.08% · P24 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-4158

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cross-site Scripting (XSS) - Stored in omeka/omeka-s

Source: NVD (National Vulnerability Database)

Vulnerability Description

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Omeka S 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Omeka S是Omeka公司的一个开源的网络内容管理系统（CMS），专门用于创建和管理数字展览和在线数字档案馆。它是 Omeka 项目的新版本，与传统的 Omeka Classic 不同，Omeka S 强调多用户协作和实现更大规模的数字展览。 Omeka S 4.0.3之前版本存在跨站脚本漏洞。攻击者利用该漏洞执行跨站脚本攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
omeka	omeka/omeka-s	unspecified ~ 4.0.3	-

II. Public POCs for CVE-2023-4158

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-4158

请登录查看更多情报信息。

Same Patch Batch · omeka · 2023-08-04 · 3 CVEs total

CVE-2023-4157	5.2 MEDIUM	Improper Neutralization of Special Elements in Output Used by a Downstream Component in om
CVE-2023-4159		Unrestricted Upload of File with Dangerous Type in omeka/omeka-s

IV. Related Vulnerabilities

Same product: omeka/omeka-s

Same vendor: omeka

Same weakness: CWE-79

V. Comments for CVE-2023-4158

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-4158— Cross-site Scripting (XSS) - Stored in omeka/omeka-s

I. Basic Information for CVE-2023-4158

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-4158

III. Intelligence Information for CVE-2023-4158

Same Patch Batch · omeka · 2023-08-04 · 3 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-4158

Leave a comment