Lucene search

10 matches found

CNNVD
added 2023/01/08 12:0 a.m. | 2 views

OpenStack Horizon cross-site scripting vulnerability

OpenStack Horizon is a Django-based project for OpenStack designed to provide complete OpenStack dashboards and an extensible framework for building new dashboards from reusable components. A cross-site scripting vulnerability exists in OpenStack Horizon. An attacker could exploit this...

6.1 CVSS | 4.8 AI score | 0.00245 EPSS
Exploits 0 | References 4
NVD
added 2021/03/23 4:15 p.m. | 10 views

CVE-2021-21376

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

6.5 CVSS | 0.00424 EPSS
Exploits 0 | References 5
OSV
added 2021/03/23 4:15 p.m. | 9 views

CVE-2021-21377

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...

5.4 CVSS | 6.7 AI score
Exploits 0 | References 5
NVD
added 2021/03/23 4:15 p.m. | 12 views

CVE-2021-21377

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...

5.4 CVSS | 0.00314 EPSS
Exploits 0 | References 5
Prion
added 2021/03/23 4:15 p.m. | 10 views

Information disclosure

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

5 CVSS | 6.3 AI score | 0.00424 EPSS
Exploits 0 | References 5 | Affected Software 1
Prion
added 2021/03/23 4:15 p.m. | 11 views

Input validation

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...

4.9 CVSS | 5.4 AI score | 0.00314 EPSS
Exploits 0 | References 5 | Affected Software 1
CVE
added 2021/03/23 3:25 p.m. | 70 views

CVE-2021-21377

Summary: CVE-2021-21377 affects OMERO.web up to version 5.9.0, where redirects after login or group context switch could be sent to untrusted external URLs due to missing URL validation. The vulnerability is mitigated in 5.9.0 by added URL validation; external URLs are rejected unless explicitly ...

5.4 CVSS | 5.1 AI score | 0.00314 EPSS
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2021/03/23 3:25 p.m. | 12 views

CVE-2021-21377 Open Redirect in OMERO.web

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...

4.8 CVSS | 5.7 AI score | 0.00314 EPSS
Exploits 0 | References 5
Cvelist
added 2021/03/23 3:25 p.m. | 16 views

CVE-2021-21376 Information Exposure in OMERO.web

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

6.4 CVSS | 6.5 AI score | 0.00424 EPSS
Exploits 0 | References 5
CVE
added 2021/03/23 3:25 p.m. | 87 views

CVE-2021-21376

CVE-2021-21376 affects OMERO.web (Django-based web interface for OMERO). The vulnerability arises because before version 5.9.0, the main webclient pages load and expose various information about the current user (e.g., user id, name, and group memberships). Some additional loaded information is n...

6.5 CVSS | 6.2 AI score | 0.00424 EPSS
Exploits 0 | References 5 | Affected Software 1