Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-35180
HistoryMay 21, 2024 - 1:15 p.m.

CVE-2024-35180

2024-05-2113:15:08
CWE-830
[email protected]
web.nvd.nist.gov
omero.web
vulnerability
patched
version 5.26.0
jsonp
callback parameter

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0

Percentile

9.0%

JSON

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.

Related

veracode 1
cvelist 1
cve 1
osv 2
vulnrichment 1
github 1
veracode
veracode
Improper Callback Validation
2024-05-23 07:49:17
cvelist
cvelist
CVE-2024-35180 OMERO.web JSONP callback vulnerability
2024-05-21 12:33:02
cve
cve
CVE-2024-35180
2024-05-21 13:15:08
osv
osv
CVE-2024-35180
2024-05-21 13:15:08
OMERO.web must check that the JSONP callback is a valid function
2024-05-21 14:33:23
vulnrichment
vulnrichment
CVE-2024-35180 OMERO.web JSONP callback vulnerability
2024-05-21 12:33:02
github
github
OMERO.web must check that the JSONP callback is a valid function
2024-05-21 14:33:23

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0

Percentile

9.0%

JSON
Related for NVD:CVE-2024-35180
veracode1cvelist1cve1osv2vulnrichment1github1