29 matches found
EUVD-2025-199100
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack...
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
Impact OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. Patches User should upgrade OMERO.web to 5.29.3 or higher...
GHSA-J4GV-6X9V-V23G OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
Impact OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. Patches User should upgrade OMERO.web to 5.29.3 or higher...
EUVD-2020-0120
Malware in sbrugna...
CVE-2025-54791
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...
OMERO.web displays unecessary user information when requesting password reset
Background If an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. Impact OMERO.web before 5.29.1 Patches User should upgrade to 5.29.2 or higher Workarounds Disable t...
GHSA-GPMG-4X4G-MR5R OMERO.web displays unecessary user information when requesting password reset
Background If an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. Impact OMERO.web before 5.29.1 Patches User should upgrade to 5.29.2 or higher Workarounds Disable t...
omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by CVE-2025-54791 via omero-web (=5.13.0)
omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted: - omero-figure =4.4.2 - omero-iviewer =0.11.2 - omero-mapr =0.4.3 - omero-parade =0.2.2 - omero-signup =0.3.1 - omero-virtual-microscope =1.1....
Information Exposure
Overview omero-web is an OMERO.web Affected versions of this package are vulnerable to Information Exposure via the getGuestConnection function in the webadmin/views.py file. An attacker can obtain unnecessary user information by triggering error messages during password reset attempts. Workaroun...
CVE-2025-54791
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...
CVE-2025-54791 OMERO.web displays unecessary user information when requesting to reset the password
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...
CVE-2025-54791
CVE-2025-54791 concerns OMERO.web prior to 5.29.2, where an error during the Forgot Password flow could disclose user information in the web page. The issue is mitigated by upgrading to version 5.29.2 or higher. As a workaround, disabling the Forgot Password option via the omero.web.show_forgot_p...
CVE-2025-54791 OMERO.web displays unecessary user information when requesting to reset the password
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...
CVE-2025-54791 OMERO.web displays unecessary user information when requesting to reset the password
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...
OMERO.web 安全漏洞
OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web versions prior to 5.29.2 that originates from an error message disclosing user information when resetting a password...
PT-2025-32994 · Omero.Web · Omero.Web
Name of the Vulnerable Software and Affected Versions: OMERO.web versions prior to 5.29.2 Description: OMERO.web provides a web-based client and plugin infrastructure. If an error occurred when resetting a user's password using the Forgot Password option, the error message displayed on the webpag...
CVE-2021-21376
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...
OMERO.web 安全漏洞
OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web version 5.25.0 and earlier, which stems from the inability to escape or validate the callback parameter...
OMERO-web Sensitive Data Exposure
OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...
PYSEC-2021-379
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...