First published: Fri Jul 23 2021(Updated: )
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Omeka Omeka | <=2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-26799 is a Cross Site Scripting (XSS) vulnerability in the admin/files/edit endpoint in Omeka Classic <=2.7, allowing remote attackers to inject arbitrary web script or HTML.
The severity of CVE-2021-26799 is medium, with a CVSS score of 6.1.
Remote attackers can exploit CVE-2021-26799 by injecting arbitrary web script or HTML through the admin/files/edit endpoint in Omeka Classic <=2.7.
Yes, the vulnerability has been fixed in Omeka Classic through the commit 08bfdf470e234edb68e5307a2fef8c899d89256c.
More information about CVE-2021-26799 can be found in the GitHub issue #935.