CVE-2023-4157

low-risk

Published 2023-08-04

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.2/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Omeka S

Affected Vendors

Omeka

References (4)

Patch https://github.com/omeka/omeka-s/commit/8b72619d9731b32dd21ab6dcaa01ccc3bbf0db63

Exploit https://huntr.dev/bounties/abc3521b-1238-4c4e-97f1-2957db670014

Patch https://github.com/omeka/omeka-s/commit/8b72619d9731b32dd21ab6dcaa01ccc3bbf0db63

Exploit https://huntr.dev/bounties/abc3521b-1238-4c4e-97f1-2957db670014

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal