{"id":"CVE-2018-13423","details":"admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag.","modified":"2026-03-12T22:47:13.116276Z","published":"2018-07-07T17:29:00.587Z","references":[{"type":"ADVISORY","url":"https://github.com/omeka/Omeka/releases/tag/v2.6.1"},{"type":"FIX","url":"https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/omeka/omeka","events":[{"introduced":"0"},{"fixed":"52e4998e05763b7444ba9557f4ddeea513848929"},{"fixed":"ba841892116544847d76d3838781c9708cb92221"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.6.1"}]}}],"versions":["v1.5","v1.5.1","v1.5.2-fixed","v1.5.3","v2.0","v2.0-alpha","v2.0-alpha-2","v2.0-beta","v2.0-rc1","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.1","v2.1-rc1","v2.1.1","v2.1.2","v2.1.3","v2.1.4","v2.2","v2.2.1","v2.2.2","v2.3","v2.3.1","v2.4","v2.4.1","v2.5","v2.5.1","v2.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-13423.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}