47 matches found
EUVD-2018-1967
Malware in sbrugna...
EUVD-2021-0156
Malware in sbrugna...
EUVD-2021-0158
Malware in sbrugna...
CVE-2024-35180
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2021-21377
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...
CVE-2021-41132
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
GHSA-VR85-5PWX-C6GQ OMERO.web must check that the JSONP callback is a valid function
Background There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite...
OMERO.web must check that the JSONP callback is a valid function
Background There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite...
CVE-2024-35180
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180 OMERO.web JSONP callback vulnerability
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180 OMERO.web JSONP callback vulnerability
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180 OMERO.web JSONP callback vulnerability
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...
CVE-2024-35180
CVE-2024-35180 affects OMERO.web and arises from lack of escaping/validation of the JSONP callback parameter on endpoints with JSONP enabled. The vulnerability can be triggered via the callback parameter used by JSONP-enabled endpoints (e.g., webclient/imgData/...); this issue existed in OMERO.we...
GHSA-VWXV-FRJ6-FHC9 OMERO-web Sensitive Data Exposure
OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
GHSA-G67G-HVC3-XMVF Inconsistent input sanitisation leads to XSS vectors
Background A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact OMERO.web before 5.11.0 and OMERO.figure befo...
Inconsistent input sanitisation leads to XSS vectors
Background A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact OMERO.web before 5.11.0 and OMERO.figure befo...
CVE-2021-41132
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
CVE-2021-41132
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
Cross site scripting
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
PYSEC-2021-372
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...