70 matches found

NVD
added 2025/08/13 2:15 p.m. · 4 views

CVE-2025-54791

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 0.00085 EPSS
Exploits 0 · References 2

CVE
added 2025/08/13 2:08 p.m. · 18 views

CVE-2025-54791

CVE-2025-54791 concerns OMERO.web prior to 5.29.2, where an error during the Forgot Password flow could disclose user information in the web page. The issue is mitigated by upgrading to version 5.29.2 or higher. As a workaround, disabling the Forgot Password option via the omero.web.show_forgot_p...

5.3 CVSS · 6.9 AI score · 0.00085 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2025/08/13 2:08 p.m. · 7 views

CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 0.00085 EPSS
Exploits 0 · References 2

OSV
added 2025/08/13 2:08 p.m. · 3 views

CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 6.4 AI score · 0.00085 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/08/13 2:08 p.m. · 1 view

CVE-2025-54791 OMERO.web displays unnecessary user information when requesting to reset the password

OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been...

5.3 CVSS · 6.9 AI score · 0.00085 EPSS
Exploits 0 · References 2

CNNVD
added 2025/08/13 12:00 a.m. · 2 views

OMERO.web Security Vulnerability

OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web versions prior to 5.29.2 that originates from an error message disclosing user information when resetting a password...

5.3 CVSS · 6.2 AI score · 0.00085 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/08/13 12:00 a.m. · 3 views

PT-2025-32994 · Omero.Web · Omero.Web

Name of the Vulnerable Software and Affected Versions: OMERO.web versions prior to 5.29.2 Description: OMERO.web provides a web-based client and plugin infrastructure. If an error occurred when resetting a user's password using the Forgot Password option, the error message displayed on the webpag...

5.3 CVSS · 7.3 AI score · 0.00085 EPSS
Exploits 0 · References 9

RedhatCVE
added 2025/05/22 7:10 p.m. · 3 views

CVE-2021-21376

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...

6.5 CVSS · 6.4 AI score · 0.00424 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 1:55 p.m. · 6 views

CVE-2014-7198

OMERO before 5.0.6 has multiple CSRF vulnerabilities because the framework for OMERO's web interface lacks CSRF protection...

8.8 CVSS · 7.3 AI score · 0.00146 EPSS
Exploits 0 · References 1

vulnersOsv
added 2024/05/21 2:33 p.m. · 1 view

omero-figure (=4.4.2), omero-iviewer (=0.11.2) +4 more potentially affected by CVE-2024-35180 via omero-web (=5.13.0)

omero-web PYPI version =5.13.0 is affected by a known vulnerability. The following packages have a transitive dependency on omero-web and may be impacted: - omero-figure =4.4.2 - omero-iviewer =0.11.2 - omero-mapr =0.4.3 - omero-parade =0.2.2 - omero-signup =0.3.1 - omero-virtual-microscope =1.1....

6.1 CVSS · 6.3 AI score · 0.00422 EPSS
Exploits 0

CNNVD
added 2024/05/21 12:00 a.m. · 2 views

OMERO.web Security Vulnerability

OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A security vulnerability exists in OMERO.web version 5.25.0 and earlier, which stems from the inability to escape or validate the callback parameter...

6.1 CVSS · 6.2 AI score · 0.00422 EPSS
Exploits 0 · References 3

Github Security Blog
added 2022/05/24 5:20 p.m. · 15 views

OMERO-web Sensitive Data Exposure

OMERO.web before 5.6.3 optionally allows sensitive data elements e.g., a session key to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target...

5.7 CVSS · 6.5 AI score · 0.00345 EPSS
Exploits 0 · References 4 · Affected Software 1

PyPA
added 2021/10/14 4:15 p.m. · 3 views

PYSEC-2021-379

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8 CVSS · 6 AI score · 0.00558 EPSS
Exploits 0 · References 3 · Affected Software 1

PyPA
added 2021/10/14 4:15 p.m. · 3 views

PYSEC-2021-372

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8 CVSS · 6 AI score · 0.00558 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2021/10/14 3:45 p.m. · 75 views

CVE-2021-41132

OMERO.web (web client/infrastructure) is vulnerable in versions before 5.11.0 due to improper HTML escaping in multiple templates and the use of jQuery.html(), enabling cross-site scripting (XSS) with crafted input. The issue affects OMERO.web before 5.11.0 (and related components per advisories)...

9.8 CVSS · 6.1 AI score · 0.00558 EPSS
Exploits 0 · References 3 · Affected Software 2

CNNVD
added 2021/10/14 12:00 a.m. · 2 views

OMERO.web Cross-Site Scripting Vulnerability

OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A cross-site scripting vulnerability exists in omero-web that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit...

9.8 CVSS · 6.1 AI score · 0.00558 EPSS
Exploits 0 · References 4

Veracode
added 2021/03/24 2:59 a.m. · 20 views

Information Disclosure

OMERO web is vulnerable to information disclosure. The vulnerability exists because the main webclient page loads various information about the current user such as their id, name and the groups they are in...

6.5 CVSS · 1.3 AI score · 0.00424 EPSS
Exploits 0 · References 6 · Affected Software 1

PyPA
added 2021/03/23 4:15 p.m. · 2 views

PYSEC-2021-32

OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL...

5.4 CVSS · 6.9 AI score · 0.00314 EPSS
Exploits 0 · References 5 · Affected Software 1

CNVD
added 2020/08/04 12:00 a.m. · 1 view

Unspecified Vulnerability in OMERO.server

OMERO.server is an image server from the Open Microscopy Environment team. A security vulnerability exists in OMERO.server versions prior to 5.6.1, which can be exploited by an attacker with a specially crafted query to bypass security filters and access hidden objects...

9.8 CVSS · 6.8 AI score · 0.00504 EPSS
Exploits 0 · References 1

OSV
added 2020/07/22 4:15 p.m. · 0 views

CVE-2019-16244

OMERO.server before 5.6.1 allows attackers to bypass the security filters and access hidden objects via a crafted query...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 1