CVE-2021-21376
- EPSS 0.42%
- Veröffentlicht 23.03.2021 16:15:14
- Zuletzt bearbeitet 21.11.2024 05:48:13
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main web...
CVE-2021-21377
- EPSS 0.31%
- Veröffentlicht 23.03.2021 16:15:14
- Zuletzt bearbeitet 21.11.2024 05:48:13
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirecti...
CVE-2020-7932
- EPSS 0.35%
- Veröffentlicht 17.06.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 05:38:02
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be expo...