
32 matches found

OSV
added 2025/11/24 11:35 p.m. · 1 view

GHSA-J4GV-6X9V-V23G OMERO.web uses jquery-form library, which may be vulnerable to XSS attack

Impact: OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. Patches: Users should upgrade OMERO.web to 5.29.3 or higher...

5.3 CVSS · 6.3 AI score
Exploits 0 · References 4
Github Security Blog
added 2025/11/24 11:35 p.m. · 3 views

OMERO.web uses jquery-form library, which may be vulnerable to XSS attack

Impact: OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. Patches: Users should upgrade OMERO.web to 5.29.3 or higher...

6.4 AI score
Exploits 0 · References 4 · Affected Software 1
vulnersOsv
added 2025/11/24 11:35 p.m. · 1 view

omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by unknown CVE via omero-web (=5.13.0)

omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted:
- omero-figure =4.4.2
- omero-iviewer =0.11.2
- omero-mapr =0.4.3
- omero-parade =0.2.2
- omero-signup =0.3.1
- omero-virtual-microscope =1.1....

5.8 AI score
Exploits 0
EUVD
added 2025/11/24 11:35 p.m. · 2 views

EUVD-2025-199100

OMERO.web uses jquery-form library, which may be vulnerable to XSS attack...

5.8 AI score
Exploits 0 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-0120

Malware in sbrugna...

5.7 CVSS · 5.6 AI score · 0.00345 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/08/15 2:20 p.m. · 5 views

CVE-2025-54791

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 7 AI score · 0.00085 EPSS
Exploits 0 · References 1
OSV
added 2025/08/13 6:47 p.m. · 3 views

GHSA-GPMG-4X4G-MR5R OMERO.web displays unnecessary user information when requesting password reset

Background: If an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. Impact: OMERO.web before 5.29.1. Patches: Users should upgrade to 5.29.2 or higher. Workarounds: Disable t...

5.3 CVSS · 6 AI score · 0.00085 EPSS
Exploits 0 · References 4
Github Security Blog
added 2025/08/13 6:47 p.m. · 9 views

OMERO.web displays unnecessary user information when requesting password reset

Background: If an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. Impact: OMERO.web before 5.29.1. Patches: Users should upgrade to 5.29.2 or higher. Workarounds: Disable t...

5.3 CVSS · 6 AI score · 0.00085 EPSS
Exploits 0 · References 4 · Affected Software 1
vulnersOsv
added 2025/08/13 6:47 p.m. · 1 view

omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by CVE-2025-54791 via omero-web (=5.13.0)

omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted:
- omero-figure =4.4.2
- omero-iviewer =0.11.2
- omero-mapr =0.4.3
- omero-parade =0.2.2
- omero-signup =0.3.1
- omero-virtual-microscope =1.1....

5.3 CVSS · 5.8 AI score · 0.00085 EPSS
Exploits 0
Snyk
added 2025/08/13 2:45 p.m. · 2 views

Information Exposure

Overview: omero-web is an OMERO.web. Affected versions of this package are vulnerable to Information Exposure via the getGuestConnection function in the webadmin/views.py file. An attacker can obtain unnecessary user information by triggering error messages during password reset attempts. Workaroun...

6.9 CVSS · 6.8 AI score · 0.00085 EPSS
Exploits 0 · References 2
vulnersOsv
added 2025/08/13 2:45 p.m. · 0 views

omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by CVE-2025-54791 via omero-web (=5.13.0)

omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted:
- omero-figure =4.4.2
- omero-iviewer =0.11.2
- omero-mapr =0.4.3
- omero-parade =0.2.2
- omero-signup =0.3.1
- omero-virtual-microscope =1.1....

5.3 CVSS · 5.8 AI score · 0.00085 EPSS
Exploits 0
NVD
added 2025/08/13 2:15 p.m. · 4 views

CVE-2025-54791

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 0.00085 EPSS
Exploits 0 · References 2
CVE
added 2025/08/13 2:8 p.m. · 20 views

CVE-2025-54791

CVE-2025-54791 concerns OMERO.web prior to 5.29.2, where an error during the Forgot Password flow could disclose user information in the web page. The issue is mitigated by upgrading to version 5.29.2 or higher. As a workaround, disabling the Forgot Password option via the omero.web.show_forgot_p...

5.3 CVSS · 6.9 AI score · 0.00085 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2025/08/13 2:8 p.m. · 7 views

CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 0.00085 EPSS
Exploits 0 · References 2
OSV
added 2025/08/13 2:8 p.m. · 3 views

CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 6.4 AI score · 0.00085 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/08/13 2:8 p.m. · 1 view

CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 6.9 AI score · 0.00085 EPSS
Exploits 0 · References 2
CNNVD
added 2025/08/13 12:0 a.m. · 2 views

OMERO.web security vulnerability

OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web versions prior to 5.29.2 that originates from an error message disclosing user information when resetting a password...

5.3 CVSS · 6.2 AI score · 0.00085 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/08/13 12:0 a.m. · 4 views

PT-2025-32994 · Omero.Web · Omero.Web

Name of the Vulnerable Software and Affected Versions: OMERO.web versions prior to 5.29.2
Description: OMERO.web provides a web-based client and plugin infrastructure. If an error occurred when resetting a user's password using the Forgot Password option, the error message displayed on the webpag...

5.3 CVSS · 7.3 AI score · 0.00085 EPSS
Exploits 0 · References 9
RedhatCVE
added 2025/05/22 7:10 p.m. · 4 views

CVE-2021-21376

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

6.5 CVSS · 6.4 AI score · 0.00424 EPSS
Exploits 0 · References 1
vulnersOsv
added 2024/05/21 2:33 p.m. · 2 views

omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by CVE-2024-35180 via omero-web (=5.13.0)

omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted:
- omero-figure =4.4.2
- omero-iviewer =0.11.2
- omero-mapr =0.4.3
- omero-parade =0.2.2
- omero-signup =0.3.1
- omero-virtual-microscope =1.1....

6.1 CVSS · 6.3 AI score · 0.00422 EPSS
Exploits 0