PyPI package
omero-web
pkg:pypi/omero-web
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54791 | — | < 5.29.2 | 5.29.2 | Aug 13, 2025 | OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This | ||
| CVE-2024-35180 | — | < 5.26.0 | 5.26.0 | May 21, 2024 | OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0. | ||
| CVE-2021-41132 | — | < 5.11.0 | 5.11.0 | Oct 14, 2021 | OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site script | ||
| CVE-2021-21377 | — | < 5.9.0 | 5.9.0 | Mar 23, 2021 | OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.w | ||
| CVE-2021-21376 | — | < 5.9.0 | 5.9.0 | Mar 23, 2021 | OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents | ||
| CVE-2020-7932 | — | < 5.6.3 | 5.6.3 | Jun 17, 2020 | OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen |
- CVE-2025-54791Aug 13, 2025affected < 5.29.2fixed 5.29.2
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This
- CVE-2024-35180May 21, 2024affected < 5.26.0fixed 5.26.0
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version 5.26.0.
- CVE-2021-41132Oct 14, 2021affected < 5.11.0fixed 5.11.0
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site script
- CVE-2021-21377Mar 23, 2021affected < 5.9.0fixed 5.9.0
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.w
- CVE-2021-21376Mar 23, 2021affected < 5.9.0fixed 5.9.0
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents
- CVE-2020-7932Jun 17, 2020affected < 5.6.3fixed 5.6.3
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen