CVE-2024-35180 OMERO.web JSONP callback vulnerability

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0...

CVE-2021-41132

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVE-2021-41132

OMERO.web (web client/infrastructure) is vulnerable in versions before 5.11.0 due to improper HTML escaping in multiple templates and the use of jQuery.html(), enabling cross-site scripting (XSS) with crafted input. The issue affects OMERO.web before 5.11.0 (and related components per advisories)...

Plume CMS 1.1.3 - dbinstall.php Remote File Inclusion

Plume CMS 1.1.3 - dbinstall.php Remote File Inclusion /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Plume CMS Remote File Inclusion It uses PHP and MySql. With a single installation of Plume you can have multiple websites,...

Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ================================================================= Plume CMS 1.1.3 dbinstall.php Remote File Include Vulnerability =================================================================...

Plume CMS 1.1.3 - 'dbinstall.php' Remote File Inclusion

/------------------------------------------------ IHS Public advisory -------------------------------------------------/ Plume CMS Remote File Inclusion It uses PHP and MySql. With a single installation of Plume you can have multiple websites, file management, multiple authors with different righ...