CVE-2023-4157 Vulnerability Details
/
/
/
CVE-2023-4157 Metadata Quick Info
CVE Published: 04/08/2023 |
CVE Updated: 09/10/2024 |
CVE Year: 2023
Source: @huntrdev |
Vendor: omeka |
Product: omeka/omeka-s
Status : PUBLISHED
CVE-2023-4157 Description
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\'Injection\') in GitHub repository omeka/omeka-s prior to version 4.0.3.
Metrics
CVSS Version: 3.1 |
Base Score: 5.2 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
l➤ Exploitability Metrics: Attack Vector (AV)* NETWORK Attack Complexity (AC)* LOW Privileges Required (PR)* HIGH User Interaction (UI)* REQUIRED Scope (S)* UNCHANGED l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* LOW Availability Impact (A)* NONE Weakness Enumeration (CWE)
CWE-ID: CWE-74 CWE Name: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (
Injection
) Source: omeka Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID: CAPEC Description:
Source: NVD (National Vulnerability Database).