Browse all 8 CVE security advisories affecting Omeka. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Omeka serves as a web publishing platform for digital collections and archives, enabling institutions to create and manage online exhibits. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and access control issues. The platform's security posture has been impacted by flaws in its file upload mechanisms and third-party integrations. While no major public security incidents have been widely documented, the presence of eight CVEs indicates ongoing security considerations that require regular patching and hardening. Users should implement secure configuration practices to mitigate risks associated with its extensibility and plugin ecosystem.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-4561 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s (CWE-79) | 5.4 | - | 2023-08-28 |
| CVE-2023-4560 | Improper Authorization of Index Containing Sensitive Information in omeka/omeka-s (CWE-612) | 4.3 | - | 2023-08-28 |
| CVE-2023-4159 | Unrestricted Upload of File with Dangerous Type in omeka/omeka-s (CWE-434) | 8.8 | - | 2023-08-04 |
| CVE-2023-4158 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s (CWE-79) | 5.4 | - | 2023-08-04 |
| CVE-2023-4157 | Improper Neutralization of Special Elements in Output Used by a Downstream Component in omeka/omeka-s (CWE-74) | 5.2 | Medium | 2023-08-04 |
| CVE-2023-3982 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s (CWE-79) | 5.4 | - | 2023-07-27 |
| CVE-2023-3981 | Server-Side Request Forgery (SSRF) in omeka/omeka-s (CWE-918) | 7.5 | - | 2023-07-27 |
| CVE-2023-3980 | Cross-site Scripting (XSS) - Stored in omeka/omeka-s (CWE-79) | 5.4 | - | 2023-07-27 |

This page lists every published CVE security advisory associated with Omeka. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.