CVE-2025-54791
- EPSS 0.04%
- Veröffentlicht 13.08.2025 14:08:19
- Zuletzt bearbeitet 23.09.2025 18:13:48
OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose in...
CVE-2024-35180
- EPSS 0.42%
- Veröffentlicht 21.05.2024 13:15:08
- Zuletzt bearbeitet 29.09.2025 18:01:01
OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched i...
CVE-2021-41132
- EPSS 0.56%
- Veröffentlicht 14.10.2021 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:25:32
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a w...