Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Omeka Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13423)

Description

admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.

Remediation

References

Related Vulnerabilities

XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2035)

WordPress Plugin Google Doc Embedder SQL Injection (2.5.14)

Django CVE-2024-41990 Vulnerability (CVE-2024-41990)

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892)

WordPress Plugin WP YouTube Live Cross-Site Scripting (1.7.21)

Severity

Medium

Classification

CVE-2018-13423 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities