
5 matches found

NVD
added 2021/03/23 4:15 p.m. | 10 views

CVE-2021-21376

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

CVSS 6.5 | EPSS 0.00424
Exploits: 0 | References: 5

Prion
added 2021/03/23 4:15 p.m. | 12 views

Input validation

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...

CVSS 4.9 | AI score 5.4 | EPSS 0.00314
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2021/03/23 3:25 p.m. | 70 views

CVE-2021-21377

Summary: CVE-2021-21377 affects OMERO.web up to version 5.9.0, where redirects after login or group context switch could be sent to untrusted external URLs due to missing URL validation. The vulnerability is mitigated in 5.9.0 by added URL validation; external URLs are rejected unless explicitly ...

CVSS 5.4 | AI score 5.1 | EPSS 0.00314
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2021/03/23 3:25 p.m. | 12 views

CVE-2021-21377 Open Redirect in OMERO.web

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...

CVSS 4.8 | AI score 5.7 | EPSS 0.00314
Exploits: 0 | References: 5

Cvelist
added 2021/03/23 3:25 p.m. | 16 views

CVE-2021-21376 Information Exposure in OMERO.web

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

CVSS 6.4 | AI score 6.5 | EPSS 0.00424
Exploits: 0 | References: 5