3 matches found
CVE-2021-41132
OMERO.web (web client/infrastructure) is vulnerable in versions before 5.11.0 due to improper HTML escaping in multiple templates and the use of jQuery.html(), enabling cross-site scripting (XSS) with crafted input. The issue affects OMERO.web before 5.11.0 (and related components per advisories)...
CVE-2024-35180
CVE-2024-35180 affects OMERO.web and arises from lack of escaping/validation of the JSONP callback parameter on endpoints with JSONP enabled. The vulnerability can be triggered via the callback parameter used by JSONP-enabled endpoints (e.g., webclient/imgData/...); this issue existed in OMERO.we...
CVE-2025-54791
CVE-2025-54791 concerns OMERO.web prior to 5.29.2, where an error during the Forgot Password flow could disclose user information in the web page. The issue is mitigated by upgrading to version 5.29.2 or higher. As a workaround, disabling the Forgot Password option via the omero.web.show_forgot_p...