Moderate severity · NVD Advisory · Published May 21, 2024 · Updated Aug 2, 2024
OMERO.web JSONP callback vulnerability
CVE-2024-35180
Description
OMERO.web provides a web-based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.
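The class of flaw described above, with one way to validate the callback before it is reflected. This is an added example, not OMERO.web's code or its 5.26.0 patch; the function names, the identifier-only policy, the length limit and the sample values are assumptions.

```python
import json
import re

# Assumed policy: dotted JavaScript identifiers only, with a bounded length.
_CALLBACK_RE = re.compile(
    r"[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*")
MAX_CALLBACK_LEN = 64

# Constructed sample inputs: two well-formed names and three malformed ones.
SAMPLE_CALLBACKS = ["cb", "app.onData", "cb);x(", "cb\n", ""]


def jsonp_unvalidated(callback, data):
    """The flaw as described: the callback is copied into the body as-is."""
    return "%s(%s);" % (callback, json.dumps(data))


def is_safe_callback(callback):
    """True only for a short dotted identifier such as 'cb' or 'app.onData'."""
    # fullmatch, not match + '$': '$' would still accept a trailing newline.
    return (isinstance(callback, str)
            and 0 < len(callback) <= MAX_CALLBACK_LEN
            and _CALLBACK_RE.fullmatch(callback) is not None)


def jsonp_response(callback, data):
    """Return (status, content_type, body) for a JSONP-enabled endpoint."""
    payload = json.dumps(data)
    # json.dumps leaves <, > and & literal; escape them so string values
    # cannot close an enclosing script or markup context.
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        payload = payload.replace(ch, esc)
    if callback is None:
        return 200, "application/json", payload
    if not is_safe_callback(callback):
        return 400, "text/plain", "invalid callback"
    # The comment prefix keeps the body from starting with caller-chosen text.
    return 200, "application/javascript", "/**/%s(%s);" % (callback, payload)


def classify_samples():
    """Map each constructed sample callback to whether validation accepts it."""
    return {cb: is_safe_callback(cb) for cb in SAMPLE_CALLBACKS}
```

Serving the response with `X-Content-Type-Options: nosniff` complements the validation, since it stops browsers from reinterpreting the JavaScript body as another content type.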
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| omero-web (PyPI) | < 5.26.0 | 5.26.0 |
References
- github.com/advisories/GHSA-vr85-5pwx-c6gq (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-35180 (ADVISORY)
- github.com/ome/omero-web/commit/d41207cbb82afc56ea79e84db532608aa24ab4aa (WEB)
- github.com/ome/omero-web/security/advisories/GHSA-vr85-5pwx-c6gq (WEB)