Detections
Analytics

CVE-2014-5100

medium

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/94690

https://exchange.xforce.ibmcloud.com/vulnerabilities/94689

http://omeka.org/codex/Release_Notes_for_2.2.1

http://omeka.org/blog/2014/07/16/omeka-2-2-1-security-update-released

Details

Source: Mitre, NVD

Published: 2014-07-25

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.02109