omero-web
PyPI · 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting omero-web
- CVE-2020-7932 | MEDIUM | CVSS 5.7 | EG 5.7 | ✓ Fixed in 5.6.3 | 2020-06-17
  vulnerable: 5.5.dev1 ... 5.6.dev7 (12 versions)
  OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters …
- CVE-2021-21376 | MEDIUM | CVSS 6.4 | EG 6.4 | ✓ Fixed in 5.9.0 | 2021-03-23
  vulnerable: 5.5.dev1 ... 5.8.1 (17 versions)
  OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on t…
- CVE-2021-21377 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 5.9.0 | 2021-03-23
  vulnerable: 5.5.dev1 ... 5.8.1 (17 versions)
  OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowin…
- CVE-2021-41132 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 5.11.0 | 2021-10-14
  vulnerable: 5.10.0 ... 5.9.2 (22 versions)
  OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of `jQuery.html()`, th…
- CVE-2024-35180 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 5.26.0 | 2024-05-21
  vulnerable: 5.10.0 ... 5.9.2 (42 versions)
  OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the `callback` parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has bee…
- CVE-2025-54791 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 5.29.2 | 2025-08-13
  vulnerable: 5.10.0 ... 5.9.2 (49 versions)
  OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can …